SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Why can't I have PING with virtual router? (SRX550)

    Posted 10-11-2019 02:11 

    I  am testing several configurations but my intention is to have PING with a virtual router and I cannot have PING, can someone please help me? Thank you

     security-zone VRRepartoZone {
    host-inbound-traffic {
    system-services {
    ping;
    }
    }
    interfaces {
    ge-0/0/3.0;
    }
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family inet {
    address 192.168.3.1/24;
    }
    }
    }
    ge-0/0/3 {
    unit 0 {
    family inet {
    address 192.168.3.2/24;
    }
    }
    }
    ge-0/0/4 {
    unit 0 {
    family inet {
    address 192.168.3.4/24;
    }
    }
    }
    }
    routing-instances {
    VRReparto {
    instance-type virtual-router;
    interface ge-0/0/3.0;
    }
    }

     

    Why can't I have PING?


  • 2.  RE: Why can't I have PING with virtual router? (SRX550)
    Best Answer

     
    Posted 10-11-2019 02:19

    Hi, 

     

    Not sure if I understood the question, but if you want to run ping from an RI:

    ping <ip address> routing-instance <virtual-router>

    I believe you will also need security policies in place to allow icmp or junos-ping or junos-icmp-all 

     

    Cheers, 
    Ashvin



  • 3.  RE: Why can't I have PING with virtual router? (SRX550)

    Posted 10-11-2019 02:43

    Thanks for your attention, my policies are:

     

    security {
    policies {
    from-zone VRRepartoZone to-zone junos-host {
    policy PolicyVRReparto {
    match {
    source-address any;
    destination-address any;
    application any;
    source-identity any;
    }
    then {
    permit;
    }
    }
    }
    }

     

    The problem is that I want for example that from my virtual router ping at least with it and then with a port of a MikroTik, thanks!


    root@GoodJuniper# run ping 192.168.3.2 routing-instance VRReparto
    PING 192.168.3.2 (192.168.3.2): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- 192.168.3.2 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss

     



  • 4.  RE: Why can't I have PING with virtual router? (SRX550)

     
    Posted 10-11-2019 02:48

    Hi, 

     

    The issue here appears to be with that route not present in that VR/RI:

    ping: sendto: No route to host

    Do you have a route for that IP in that RI:

    show route 192.168.3.2 table VRReparto.inet.0
show interfaces terse routing-instance VRReparto

    Cheers, 
    Ashvin



  • 5.  RE: Why can't I have PING with virtual router? (SRX550)

    Posted 10-11-2019 03:20

    I think that then I don't have the route right:

    root@GoodJuniper# run show route 192.168.3.2 table VRReparto.inet.0

    VRReparto.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.168.3.2/32 *[Local/0] 02:55:52
    Reject

    and..

    root@GoodJuniper# run show interfaces terse routing-instance VRReparto
    Interface Admin Link Proto Local Remote
    ge-0/0/3.0 up down inet 192.168.3.2/24

    [edit]
    root@GoodJuniper#

     

    Thanks!



  • 6.  RE: Why can't I have PING with virtual router? (SRX550)

     
    Posted 10-11-2019 03:25

    Hi,

     

    No route because the interface is down.

     

    Cheers, 

    Ashvin



  • 7.  RE: Why can't I have PING with virtual router? (SRX550)

    Posted 10-11-2019 05:56

    Thank you very much for your help, the problem is that I had the IP of the route wrong and for that reason I did not do PING, thank you very much, I would give you kudo's but it does not leave me, thank you very much again.