![]() Session ID: 20754, Policy name: self-traffic-policy/1, Timeout: 48, Valid Session ID: 20752, Policy name: self-traffic-policy/1, Timeout: 46, Valid Session ID: 20750, Policy name: self-traffic-policy/1, Timeout: 44, Valid Session ID: 20748, Policy name: self-traffic-policy/1, Timeout: 44, Valid Session ID: 20745, Policy name: self-traffic-policy/1, Timeout: 46, Valid Session ID: 20740, Policy name: self-traffic-policy/1, Timeout: 42, Valid PING 66.117.151.5 (66.117.151.5): 56 data bytesħ packets transmitted, 0 packets received, 100% packet run show security flow session source-prefix 10.0.3.1 destination-prefix 66.117.151.5 protocol icmp I can't for the life of me find out why nothing on 10.0.3.0/24 can get past run ping 66.117.151.5 source 10.0.3.1 Packets: Sent = 1, Received = 0, Lost = 1 (100% loss) Packets: Sent = 2, Received = 0, Lost = 2 (100% loss) Minimum = 2ms, Maximum = 2ms, Average = 2ms Minimum = 1ms, Maximum = 1ms, Average = 1ms Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),Īpproximate round trip times in milli-seconds: ![]() Pings from the host plugged into fe-0/0/4: C:\Users\Owner>ping 10.0.3.10 Relevant security policy: show configuration security policies Relevant security zones: show configuration security zones Inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden) I have a default static show configuration routing-options If I ping 8.8.8.8 from my vlan.3 router, I get ping 8.8.8.8 source 10.0.3.1ġ1 packets transmitted, 0 packets received, 100% packet loss If I ping 8.8.8.8 from the SRX, I get a ping 8.8.8.8Ħ4 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=10.983 msġ packets transmitted, 1 packets received, 0% packet loss Untrust zone, vlan.2: 1.1.1.71/24 (using all 1s instead of my real public IP) However, members of trust zone cannot ping the gateway of my public IP. With my public IP being 1.1.1.71, trust members can ping 1.1.1.71, but they cannot ping 1.1.1.1. I have vlan.3 in my trust zone, and hosts in vlan.3 get an IP from the vlan.3 DHCP server just fine, and they can even ping the public IP I've assigned to the untrust interface on my SRX-210B.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |