Hi Asifkhan,
I have elaborated the following topology so you can better understand the concepts being discussed, hope this helps:
                                        |---------(172.16.10.5)-Admin_PC_A
                                        |
                                        |
    node 0 (fxp0:172.16.10.1)---------------Switch-------(172.16.10.254)-Backup_router-(20.20.20.254)---------Admin_PC_B
                                        |
    node 1 (fxp0:172.16.10.2)-----------
The fxp0 interfaces are interfaces dedicated to the out-of-band management of a Junos device, in Chassis Cluster's case to the management of each node separately. If your PC has an IP address within the same subnet as the addresses configured on the fxp0 interfaces (like Admin_PC_A), then you shouldn't have problems communicating with those addresses (I'm talking about ping). Because the fxp0 interface is directly connected to the RE of the Junos device, you don't need to configure these interfaces in any security zone. Now, for SSH access you need to enable the SSH service under the [edit system services] hierarchy.
Please note that Admin_PC_A is within the same subnet as the addresses configured on the fxp0 interfaces, but Admin_PC_B is on a different subnet. And why is that relevant? Well, the RPD daemon, which is the process in charge of routing in Junos, only runs on the primary node when working with a Chassis Cluster. Hence, if the PC from which you are sending traffic to the SRX is outside the subnet of the addresses configured on the fxp0 interfaces (like Admin_PC_B), the secondary node won't be able to reply to that host, because it needs to find a route to that host but its routing daemon is not operational. To fix this problem, the backup-router statement can be configured, pointing to a device that resides within the same subnet as the fxp0 interfaces in order to reach other subnets. In the topology above, the device acting as the backup-router is highlighted in red.
- Understanding and configuring the Backup-router: https://www.juniper.net/documentation/en_US/junos/topics/concept/backup-router-understanding.html
- Default-route shouldn't be used in backup-router statement: https://kb.juniper.net/KB15580
That being said, please check:
- Are you pinging/SSHing from a PC on the same subnet as the fxp0 interfaces, or is the PC on a different subnet?
- Is SSH enabled under [edit system services]?
- Do you have the backup-router properly configured?
- Do you see the ARP entries properly learned on the switch connected to the fxp0 interfaces?
- If pinging from a different subnet, do the PC and the devices in between have the proper routes to reach the fxp0 subnet and vice versa?
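
A configuration sketch for the topology in the post above, added here as an illustration and not part of the original reply. It assumes /24 masks on both the fxp0 subnet and the remote admin subnet (the post gives only host addresses), and the `#` lines are annotations rather than commands. The backup-router destination is the specific remote management prefix, not 0.0.0.0/0, in line with the KB15580 reference above.

```junos
# Per-node management addresses (assumed /24), applied through the node groups
set groups node0 interfaces fxp0 unit 0 family inet address 172.16.10.1/24
set groups node1 interfaces fxp0 unit 0 family inet address 172.16.10.2/24

# Backup router: the device on the fxp0 subnet that leads to Admin_PC_B.
# The destination is limited to the remote admin subnet (assumed 20.20.20.0/24).
set groups node0 system backup-router 172.16.10.254 destination 20.20.20.0/24
set groups node1 system backup-router 172.16.10.254 destination 20.20.20.0/24

# Each node inherits only its own group
set apply-groups "${node}"

# SSH service for management access
set system services ssh
```

With this in place, the secondary node has a path back to 20.20.20.0/24 through 172.16.10.254 even though its routing daemon is not running.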