SRX Services Gateway
Highlighted
SRX Services Gateway

Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 02:10 AM

I am testing several configurations but my intention is to have PING with a virtual router and I cannot have PING, can someone please help me? Thank you

security-zone VRRepartoZone {
host-inbound-traffic {
system-services {
ping;
}
}
interfaces {
ge-0/0/3.0;
}
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 192.168.3.1/24;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 192.168.3.2/24;
}
}
}
ge-0/0/4 {
unit 0 {
family inet {
address 192.168.3.4/24;
}
}
}
}
routing-instances {
VRReparto {
instance-type virtual-router;
interface ge-0/0/3.0;
}
}

 

Why can't I have PING?
6 REPLIES 6
Highlighted
SRX Services Gateway
Solution
Accepted by topic author c0d3
‎10-18-2019 03:11 AM

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 02:18 AM

Hi, 

 

Not sure if I understood the question, but if you want to run ping from an RI:

ping <ip address> routing-instance <virtual-router>

I believe you will also need security policies in place to allow icmp or junos-ping or junos-icmp-all 

 

Cheers, 
Ashvin

Highlighted
SRX Services Gateway

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 02:42 AM

Thanks for your attention, my policies are:

 

security {
policies {
from-zone VRRepartoZone to-zone junos-host {
policy PolicyVRReparto {
match {
source-address any;
destination-address any;
application any;
source-identity any;
}
then {
permit;
}
}
}
}

 

The problem is that I want for example that from my virtual router ping at least with it and then with a port of a MikroTik, thanks!


root@GoodJuniper# run ping 192.168.3.2 routing-instance VRReparto
PING 192.168.3.2 (192.168.3.2): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 192.168.3.2 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

 

Highlighted
SRX Services Gateway

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 02:48 AM

Hi, 

 

The issue here appears to be with that route not present in that VR/RI:

ping: sendto: No route to host

Do you have a route for that IP in that RI:

show route 192.168.3.2 table VRReparto.inet.0
show interfaces terse routing-instance VRReparto

Cheers, 
Ashvin

Highlighted
SRX Services Gateway

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 03:20 AM

I think that then I don't have the route right:

root@GoodJuniper# run show route 192.168.3.2 table VRReparto.inet.0

VRReparto.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.3.2/32 *[Local/0] 02:55:52
Reject

and..

root@GoodJuniper# run show interfaces terse routing-instance VRReparto
Interface Admin Link Proto Local Remote
ge-0/0/3.0 up down inet 192.168.3.2/24

[edit]
root@GoodJuniper#

 

Thanks!

Highlighted
SRX Services Gateway

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 03:25 AM

Hi,

 

No route because the interface is down.

 

Cheers, 

Ashvin

Highlighted
SRX Services Gateway

Re: Why can't I have PING with virtual router? (SRX550)

‎10-11-2019 05:56 AM

Thank you very much for your help, the problem is that I had the IP of the route wrong and for that reason I did not do PING, thank you very much, I would give you kudo's but it does not leave me, thank you very much again.