Working on a MPLS SP lab. It appears I am unable to establish 2 way ldp session between my SRX and Cisco 2811. My SRX shows an ldp neighbor, but my 2811 does not. Output below. Not sure if my egress LDP policy is incorrect, my security zone config is incorrect or what else it could be. Any insight would be greatly appreciated.
set groups ISISPEER protocols isis traceoptions file isis-debug
set groups ISISPEER protocols isis traceoptions file size 1m
set groups ISISPEER protocols isis traceoptions file files 10
set groups ISISPEER protocols isis traceoptions flag state
set groups ISISPEER protocols isis traceoptions flag error
set groups ISISPEER protocols isis level 1 disable
set groups ISISPEER protocols isis interface <*> point-to-point
set system host-name PE-R8FW3JunOS_SRX210
set system root-authentication encrypted-password "$1$J1ePhXam$ql1lI3dlDNg/Xzutil4AU0"
set interfaces interface-range redundantlink member fe-0/0/2
set interfaces interface-range redundantlink member fe-0/0/3
set interfaces interface-range redundantlink description "redundant interlink to R7FW2JunOS_SRX220"
set interfaces fe-0/0/4 description "link to Cisco_3550 via fa0/4"
set interfaces fe-0/0/4 unit 0 family inet address 172.16.5.1/30
set interfaces fe-0/0/5 description "uplink to P-R11Cisco_2901 via Gi0/1"
set interfaces fe-0/0/5 unit 0 family inet address 10.254.255.3/31
set interfaces fe-0/0/5 unit 0 family iso address 49.0200.0210.0210.8888.8888.00
set interfaces fe-0/0/5 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 9.17.82.10/32
set routing-options router-id 9.17.82.10
set protocols mpls interface fe-0/0/5.0
set protocols mpls interface lo0.0
set protocols isis apply-groups ISISPEER
set protocols isis clns-routing
set protocols isis level 2 authentication-key "$9$fzF6At0hSls2TF3ntp"
set protocols isis interface fe-0/0/5.0
set protocols isis interface all ldp-synchronization
set protocols isis interface all point-to-point
set protocols isis interface lo0.0
set protocols isis label-switched-path PE-R8toP-R11
set protocols ldp traceoptions file st
set protocols ldp traceoptions file size 1m
set protocols ldp traceoptions file files 10
set protocols ldp traceoptions flag state
set protocols ldp traceoptions flag error
set protocols ldp egress-policy ISIS_Cisco
set protocols ldp transport-address interface
set protocols ldp interface fe-0/0/5.0
set protocols ldp interface lo0.0 transport-address interface
set protocols ldp igp-synchronization apply-groups ISISPEER
set protocols ldp igp-synchronization holddown-interval 30
set protocols lldp interface fe-0/0/7.0
set protocols lldp interface fe-0/0/5.0
set policy-options policy-statement ISIS_Cisco term 1 from protocol ldp
set policy-options policy-statement ISIS_Cisco term 1 from interface fe-0/0/5.0
set policy-options policy-statement ISIS_Cisco term 1 then accept
set policy-options policy-statement OSPF_Cisco term 1 from protocol ospf
set policy-options policy-statement OSPF_Cisco term 1 then accept
set security zones functional-zone management host-inbound-traffic system-services ping
set security zones functional-zone management host-inbound-traffic protocols all
set security zones functional-zone management host-inbound-traffic protocols ldp
set security zones security-zone trustinternalLAN host-inbound-traffic system-services ping
set security zones security-zone trustinternalLAN host-inbound-traffic protocols ospf
set security zones security-zone trustinternalLAN host-inbound-traffic protocols ldp
set security zones security-zone trustinternalLAN interfaces fe-0/0/4.0
set security zones security-zone trustinternalLAN interfaces fe-0/0/5.0
P-R11Cisco_2901#show mpls ldp neighbor
Peer LDP Ident: 3.47.28.11:0; Local LDP Ident 34.72.90.1:0
TCP connection: 3.47.28.11.646 - 34.72.90.1.23300
State: Oper; Msgs sent/rcvd: 225/221; Downstream
Up time: 02:59:02
LDP discovery sources:
GigabitEthernet0/0, Src IP addr: 10.254.255.5
Addresses bound to peer LDP Ident:
3.47.28.11 10.254.255.5
*Apr 14 03:07:21.735: ldp: Discovery hold timer expired for adj 0x3DE75A60, 9.17.82.10:0, will close conn
*Apr 14 03:07:21.735: ldp: Unregistered from LDP TCB database tcb 0x3DE7AC84 [key 9659], total 2
*Apr 14 03:07:21.735: ldp: Closing ldp conn 34.72.90.1:11413 <-> 9.17.82.10:646, adj 0x3DE75A60
*Apr 14 03:07:23.775: ldp: Opening ldp conn; adj 0x3DE75A60, 34.72.90.1 <-> 9.17.82.10; with normal priority
*Apr 14 03:07:23.775: ldp: No MD5 password protection for peer 9.17.82.10:0
*Apr 14 03:07:23.775: ldp: Registered TCB with LDP TCB database tcb 0x227578BC [key 9676], total 3
P-R11Cisco_2901#
P-R11Cisco_2901#
*Apr 14 03:07:38.775: ldp: Discovery hold timer expired for adj 0x3DE75A60, 9.17.82.10:0, will close conn
*Apr 14 03:07:38.775: ldp: Unregistered from LDP TCB database tcb 0x227578BC [key 9676], total 2
*Apr 14 03:07:38.775: ldp: Closing ldp conn 34.72.90.1:64580 <-> 9.17.82.10:646, adj 0x3DE75A60
root@PE-R8FW3JunOS_SRX210> show ldp neighbor
Address Interface Label space ID Hold time
10.254.255.2 fe-0/0/5.0 34.72.90.1:0 13
root@PE-R8FW3JunOS_SRX210> show ldp overview
Instance: master
Router ID: 9.17.82.10
Message id: 3
Configuration sequence: 1
Deaggregate: disabled
Explicit null: disabled
IPv6 tunneling: disabled
Strict targeted hellos: disabled
Loopback if added: yes
Route preference: 9
Capabilities enabled: none
Protocol modes:
Distribution: unsolicited
Retention: liberal
Control: ordered
Sessions:
Nonexistent: 1
Timers:
Keepalive interval: 10, Keepalive timeout: 30
Link hello interval: 5, Link hello hold time: 15
Targeted hello interval: 15, Targeted hello hold time: 45
Label withdraw delay: 60
Graceful restart:
Restart: enabled, Helper: enabled, Restart in process: false
Reconnect time: 60000, Max neighbor reconnect time: 120000
Recovery time: 160000, Max neighbor recovery time: 240000
Traffic Engineering:
Bgp igp: disabled
Both ribs: disabled
Mpls forwarding: disabled
IGP:
Tracking igp metric: disabled
Sync session up delay: 30
Session protection:
Session protection: disabled
Session protecton timeout: 0
Interface addresses advertising:
9.17.82.10
10.254.255.3
Interface GigabitEthernet0/1:
Type Unknown
IP labeling enabled (ldp):
Interface config
IGP config
LSP Tunnel labeling not enabled
IP FRR labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500