Maybe I'm new in Juniper Network and you'll find a fast resolution for this issue.
But, following my past experience in networking and security, this problem still strange for me :-)
SIMPLIFY LAB ENVIRONMENT:
EX-2200 ->trunk -> SRX-110
On the EX-2200 I've two vlans:
- CONTACT
- DATA
On the SRX-110 I've one vlan:
- CONTACT
PROBLEM:
I've one PC connected to EX-2200 in access to DATA vlan.
The problem is that PC is able to ping RVI_DATA but not RVI_CONTACT! something if routing on the EX should be disabled or security policy on EX are involved*... BUT ... From the SRX itself, if I try to ping the PC, IS WORKING WELL!
*Security policy on the EX as far as I read shoudn't be put in place...is not one SRX.
- Why I'm not able to ping the other RVI interface?! [here... I really don't know wky...]
- Why I'm not able to ping the SRX? [maybe something wrong on the security zone configuration?!]
CONFIGURATION EXTRACT:
EX-2200:
interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
vlan {
unit 10 {
description CONTACT_VLAN_AND_MANAGEMENT;
family inet {
address 10.10.10.254/24;
}
unit 30 {
family inet {
address 10.30.30.1/24;
routing-options {
static {
route 0.0.0.0/0 next-hop 10.10.10.1;
vlans {
CONTACT-MGMT {
vlan-id 10;
l3-interface vlan.10;
}
DATA {
vlan-id 30;
l3-interface vlan.30;
SRX:
interfaces {
fe-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
vlan {
unit 10 {
family inet {
address 10.10.10.1/24;
zones {
security-zone CONTACT-INSIDE {
description "Contact inside to HQ internal";
interfaces {
vlan.10 {
host-inbound-traffic {
system-services {
all;
vlans {
vlan-10 {
vlan-id 10;
l3-interface vlan.10;
PC
10.30.30.33
255.255.255.0
10.30.30.1 gw
WHY I'M NOT ABLE TO PING 10.10.10.254 OR 10.10.10.1?