Juniper Routing – Solving One Way Communication Issues

Tags: juniper, juniper-ex, juniper-junos, juniper-srx, routing

I have an SRX3600 and an EX2200. I can ping everything on the EX2200 from the SRX, but I can't ping the gateway (or anything else) on the SRX from the EX. Another set of eyes would be wonderful.

admin@wb-sw1> ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

The gateway shows up in the arp table.

admin@wb-sw1> show arp
MAC Address       Address         Name                      Interface           Flags
44:d9:e7:4c:7f:c8 192.168.1.11    192.168.1.11              vlan.10             none
44:d9:e7:4c:80:64 192.168.1.13    192.168.1.13              vlan.10             none
40:b4:f0:d6:44:00 192.168.2.1     192.168.2.1               ge-0/0/0.0          none
Total entries: 3

The EX2200 has the following configuration.

ge-0/0/0 is my link to my SRX
ge-0/0/12 and ge-0/0/24 are connected to devices on the 192.168.1.0/24 subnet, all of which can be reached from the SRX. Communication is only one way, though: I cannot ping the gateway address on the SRX from the EX.

/* EX2200 interface stanzas. NOTE(review): the closing brace of this "interfaces" block is not visible in the paste. */
interfaces {
/* Routed (family inet) port; the post describes it as the link to the SRX. 192.168.2.2 sits in a /30, so the subnet holds only this address and one peer. */
ge-0/0/0 {
    unit 0 {
        family inet {
            address 192.168.2.2/30;
        }
    }
}
/*
 * Switch ports ge-0/0/1 through ge-0/1/3. All carry family ethernet-switching;
 * only ge-0/0/12 and ge-0/0/24 are given an explicit VLAN membership (internal-net).
 * NOTE(review): every other port is left enabled with no VLAN assignment shown.
 * Ports that are not in use are normally disabled or parked in an unused VLAN so
 * that a device plugged into a spare port gets no switched connectivity - confirm
 * which of these ports are actually in use.
 */
/* The only port with an explicit port-mode (access); no VLAN membership is configured on it. */
ge-0/0/1 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
        }
    }
}
ge-0/0/2 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/3 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/4 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/5 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/6 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/7 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/8 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/9 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/11 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Member of VLAN internal-net; the post says a 192.168.1.0/24 device is attached here. */
ge-0/0/12 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members internal-net;
            }
        }
    }
}
ge-0/0/13 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/14 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/15 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/16 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/17 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/18 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/19 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/21 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/22 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/23 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Member of VLAN internal-net; the post says a 192.168.1.0/24 device is attached here. */
ge-0/0/24 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members internal-net;
            }
        }
    }
}
ge-0/0/25 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/26 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/27 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/28 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/29 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/30 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/31 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/32 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/33 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/34 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/35 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/36 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/37 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/38 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/39 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/40 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/41 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/42 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/43 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/44 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/45 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/46 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/0/47 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/1 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/2 {
    unit 0 {
        family ethernet-switching;
    }
}
ge-0/1/3 {
    unit 0 {
        family ethernet-switching;
    }
}
/* Logical unit 0 is declared with no protocol family configured under it. */
ge-0/2/0 {
    unit 0;
}
/*
 * me0 carries 192.168.199.1/29, a subnet separate from both the uplink /30 and
 * 192.168.1.0/24. NOTE(review): presumably the switch's management port - confirm,
 * and limit which hosts can reach management services through it.
 */
me0 {
    unit 0 {
        family inet {
            address 192.168.199.1/29;
        }
    }
}
/* Layer 3 VLAN interfaces. unit 0 has family inet but no address; unit 10 holds 192.168.1.1/24 and is the l3-interface named by the internal-net VLAN. */
vlan {
    unit 0 {
        family inet;
    }
    unit 10 {
        family inet {
            address 192.168.1.1/24;
        }
    }
}
/* Single static default route on the EX: everything not directly connected is sent to 192.168.2.1, the address the ARP table resolves on ge-0/0/0.0. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.2.1;
    }
}
/* Layer 2 control protocols on the EX: IGMP snooping for all VLANs, RSTP, and LLDP / LLDP-MED. */
protocols {
    igmp-snooping {
        vlan all;
    }
    rstp;
    /*
     * NOTE(review): "interface all" makes the switch send LLDP and LLDP-MED
     * advertisements (device identity details) on every port, including ports
     * with no known device attached. Consider limiting it to the ports that
     * need neighbour discovery - confirm against how the network is managed.
     */
    lldp {
        interface all;
    }
    lldp-med {
        interface all;
    }
}
/* Storm control is enabled on all interfaces; no explicit level is set in this excerpt, so whatever the platform default is applies. */
ethernet-switching-options {
    storm-control {
        interface all;
    }
}
/* VLAN definitions on the EX. Only internal-net has a VLAN ID and a Layer 3 interface; "default" and "wan" are declared with no further settings visible here. */
vlans {
    default;
    /* VLAN 10, routed through vlan.10 (192.168.1.1/24 in the interfaces stanza). */
    internal-net {
        vlan-id 10;
        l3-interface vlan.10;
    }
    wan;
}

And this is the SRX:
ge-0/0/0 is the link to the EX, ge-0/0/8 is my WAN uplink

 /* SRX interface stanzas. */
 interfaces {
    /* Routed link described in the post as facing the EX; 192.168.2.1/30 is the peer of the EX's 192.168.2.2. */
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.2.1/30;
            }
        }
    }
    /* WAN uplink per the post. Speed and duplex are fixed at 1g / full-duplex with auto-negotiation turned off. */
    ge-0/0/8 {
        enable;
        speed 1g;
        link-mode full-duplex;
        gigether-options {
            no-auto-negotiation;
        }
        unit 0 {
            family inet {
                address 192.69.88.162/27;
            }
        }
    }
    /* Loopback carries only 127.0.0.1/32. */
    lo0 {
        unit 0 {
            family inet {
                address 127.0.0.1/32;
            }
        }
    }
}
/* SRX static routes: the default route leaves via 192.69.88.161 (same /27 as ge-0/0/8), and 192.168.1.0/24 is reached through the EX at 192.168.2.2. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.69.88.161;
        route 192.168.1.0/24 next-hop 192.168.2.2;
    }
}
/*
 * Zone assignment on the SRX. Neither zone carries a host-inbound-traffic
 * statement, so traffic addressed to the SRX itself (for example a ping to
 * 192.168.2.1) is not accepted on either interface - this is the cause of the
 * one-way ping described in the post. The accepted fix adds
 * "host-inbound-traffic system-services ping" to ge-0/0/0.0 in the trust zone.
 * NOTE(review): no security policies appear in this excerpt; transit traffic
 * between trust and untrust depends on policies configured elsewhere - confirm.
 */
security {
    zones {
        /* Inside zone: the link towards the EX. */
        security-zone trust {
            interfaces {
                ge-0/0/0.0;
            }
        }
        /* Outside zone: the WAN uplink. Leaving host-inbound-traffic unset here keeps the SRX from answering services on its public address. */
        security-zone untrust {
            interfaces {
                ge-0/0/8.0;
            }
        }
    }
}

Best Answer

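Figured out what was going on. This is specific to SRX devices because they are security devices: traffic addressed to the SRX itself (such as a ping to its interface address) is dropped unless the receiving zone or interface permits it under host-inbound-traffic. I had to allow ping as a host-inbound system service on the interface in my trust zone, like so (keep the list to the services you actually need, and leave the untrust zone closed):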

admin@wb1# set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping