Hello Hisham,
The clients in the /77 network are connected to physical port fe-0/0/7, but the ports fe-0/0/1 to fe-0/0/7 are combined into vlan1.
Here is the config:
security-zone TRUST {
    interfaces {
        vlan.1 {
            host-inbound-traffic {
                system-services {
                    all;
                    http;
                    https;
                    ssh;
                    telnet;
                }
                protocols {
                    all;
So, I think that explicitly issuing the commands "set security zones security-zone TRUST ..." is unnecessary.
Let's go to ping, then.
I would like to underline that I do not have a 33/24 network in my configuration, only 3/24.
So, SRX-01:
Den@SRX-01> ping 192.168.77.1
PING 192.168.77.1 (192.168.77.1): 56 data bytes
64 bytes from 192.168.77.1: icmp_seq=0 ttl=64 time=11.281 ms
--
Den@SRX-01> ping source 192.168.3.24 192.168.77.1
PING 192.168.77.1 (192.168.77.1): 56 data bytes
64 bytes from 192.168.77.1: icmp_seq=0 ttl=64 time=7.510 ms
The SRX-01 is OK.
Let's go to SRX-02:
Den@SRX-02> ping 192.168.3.24
PING 192.168.3.24 (192.168.3.24): 56 data bytes
64 bytes from 192.168.3.24: icmp_seq=0 ttl=64 time=10.648 ms
Den@SRX-02> ping source 192.168.77.1 192.168.3.24
PING 192.168.3.24 (192.168.3.24): 56 data bytes
64 bytes from 192.168.3.24: icmp_seq=0 ttl=64 time=9.960 ms
So, as you can see, the VPN tunnel between the SRXs is OK.
Let's go to 3/24.
Here is the client in the 3/24 network pinging the SRX-01:
den@CLIENT:~$ ping 192.168.3.24
PING 192.168.3.24 (192.168.3.24) 56(84) bytes of data.
64 bytes from 192.168.3.24: icmp_req=1 ttl=64 time=2.80 ms
And here is the SRX-01 pinging the client:
Den@SRX-01> ping source 192.168.3.24 192.168.3.21
PING 192.168.3.21 (192.168.3.21): 56 data bytes
64 bytes from 192.168.3.21: icmp_seq=0 ttl=64 time=2.310 ms
As I can see, everything's OK.
I think I found a bug in the firmware in the so-called "router-on-the-stick" and VPN configuration in the SRX-01.
Thanks for the reply,
Den
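As an added example (not Den's configuration and not anything Juniper ships), the TRUST-zone stanza quoted above is shown next to a tightened form: `all` already permits every system service, so the http/https/ssh/telnet entries beside it change nothing, and the explicit list keeps only ping, ssh and https on vlan.1. Zone and interface names come from the post; the absence of dynamic routing on vlan.1 is an assumption.

```junos
/* As posted: "all" already permits every system service, so the */
/* explicit http/https/ssh/telnet entries below it are redundant.  */
security {
    zones {
        security-zone TRUST {
            interfaces {
                vlan.1 {
                    host-inbound-traffic {
                        system-services {
                            all;
                            http;
                            https;
                            ssh;
                            telnet;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}

/* Tightened: only the services the SRX itself must answer on vlan.1. */
/* Cleartext telnet and http are gone; ping stays so the tests in the  */
/* post still work. Assumption: no dynamic routing protocol runs on    */
/* vlan.1, so the protocols stanza is omitted entirely.                */
security {
    zones {
        security-zone TRUST {
            interfaces {
                vlan.1 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                            https;
                        }
                    }
                }
            }
        }
    }
}
```

After loading the second form, `show security zones TRUST` lists the permitted services per interface, which is the quickest way to confirm that `all` is no longer in effect.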