SRX Services Gateway

one vlan 2 subnets

10.11.17 | a week ago

Hi, I have this situation: I have to set up two subnets in one VLAN on my SRX. Here's my interface config, but I am unable to route traffic from subnet 1.0 to 3.0, although I am able to route traffic from 3.0 to 1.0. I know it's not standard or even recommended, but I have to ensure hosts can communicate between the subnets for a short period of time, and then I will reconfigure the whole network. Is it possible? Thanks

description "TRUNK TO CORESW";
vlan-tagging;
redundant-ether-options {
    redundancy-group 1;
}
unit 1 {
    description LAN;
    vlan-id 1;
    family inet {
        filter {
            input SQUID;
        }
        sampling {
            input;
            output;
        }
        address 192.168.1.1/24 {
            primary;
        }
        address 192.168.3.1/24;
    }
}

1 REPLY

Re: one vlan 2 subnets

10.11.17 | a week ago

The answer will likely be in the security policy configuration.

Look at the same zone to same zone policies for the zone this unit 1 interface is assigned to.

Also confirm there are no conflicting routes installed for either subnet and that the default gateways for the respective computers are correct.

You can run traceoptions for the failed traffic to see why the communication is denied.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21757

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
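
The checks suggested in the reply above, written out as Junos CLI commands. This is an added example and not part of the original thread; the zone name `trust`, the address-book, policy, packet-filter and trace file names, and the two host addresses are assumptions to be replaced with the real values.

```junos
# --- Operational mode: inspect the current state ---
# Find which zone the unit 1 interface belongs to (zone name "trust" is assumed below).
show security zones
# List the intra-zone policies in evaluation order.
show security policies from-zone trust to-zone trust
# Ask the SRX which policy a sample 1.0 -> 3.0 flow would hit (host addresses are assumed).
show security match-policies from-zone trust to-zone trust source-ip 192.168.1.10 destination-ip 192.168.3.10 source-port 1024 destination-port 80 protocol tcp
# Both subnets should appear as Direct routes on the same unit, with nothing more specific installed.
show route 192.168.1.0/24
show route 192.168.3.0/24
# Look for a session created by the failing traffic.
show security flow session source-prefix 192.168.1.0/24 destination-prefix 192.168.3.0/24

# --- Configuration mode: scoped intra-zone permit (names are assumed) ---
# Permit only the two subnets in the one failing direction, not any-to-any.
set security address-book global address NET-1 192.168.1.0/24
set security address-book global address NET-3 192.168.3.0/24
set security policies from-zone trust to-zone trust policy NET1-TO-NET3 match source-address NET-1
set security policies from-zone trust to-zone trust policy NET1-TO-NET3 match destination-address NET-3
set security policies from-zone trust to-zone trust policy NET1-TO-NET3 match application any
set security policies from-zone trust to-zone trust policy NET1-TO-NET3 then permit
set security policies from-zone trust to-zone trust policy NET1-TO-NET3 then log session-init

# --- Configuration mode: flow trace limited to the failing direction ---
set security flow traceoptions file flow-trace size 1m files 2
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter PF-1-TO-3 source-prefix 192.168.1.0/24
set security flow traceoptions packet-filter PF-1-TO-3 destination-prefix 192.168.3.0/24
commit

# --- Operational mode: read the trace, then remove it ---
show log flow-trace | match "policy|denied|route"
# In configuration mode, once the cause is found:
# delete security flow traceoptions
# commit
```

The packet filter keeps the trace restricted to the 1.0 to 3.0 direction, and the traceoptions should be deleted after troubleshooting because flow tracing adds load on the device.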