Friday, November 29, 2019

Some help with routing through site2site ipsec tunnel to aws

Hi,

I'm pretty new to Juniper devices, but somehow I've managed to set up the tunnels to AWS with 2 SRX firewalls. But I now have a problem with routing through the tunnels and accessing the virtual machines on the AWS end.

This is the show route output. As you can see, the network 10.255.255.0/24 is accessible via the 2 tunnel interfaces, but for some reason I cannot ping 10.255.255.10, which is a VM that has no firewall.

Also, I've set up policies that ALLOW all traffic between the 2 zones that I have - trusted and untrusted - just to be sure that it's not the firewall blocking the packets. Any ideas?

root@srx-0> show route

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 02:45:46
                    > to 143.133.16.1 via reth0.0
10.10.10.0/24      *[Direct/0] 00:48:25
                    > via reth1.0
10.10.10.10/32     *[Local/0] 03:43:51
                      Local via reth1.0
10.255.255.0/24    *[BGP/170] 01:16:20, MED 100, localpref 100
                      AS path: 64231 E
                    > to 169.254.16.11 via st0.2
                    [BGP/170] 01:16:15, MED 100, localpref 100
                      AS path: 64231 E
                    > to 169.254.74.8 via st0.1
13.37.13.0/24      *[Direct/0] 03:29:58
                    > via fxp0.0
13.37.13.37/32     *[Local/0] 03:29:58
                      Local via fxp0.0
169.254.26.24/30   *[Direct/0] 02:27:53
                    > via st0.2
169.254.26.26/32   *[Local/0] 02:27:53
                      Local via st0.2
169.254.77.8/30    *[Direct/0] 02:54:32
                    > via st0.1
169.254.77.10/32   *[Local/0] 02:54:32
                      Local via st0.1
143.133.16.0/22    *[Direct/0] 02:45:46
                    > via reth0.0
143.133.16.250/32  *[Local/0] 03:43:51
                      Local via reth0.
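A small parser over the pasted routing table, added here as an example (it is not from the original post and not Juniper's code). It assumes the output follows the standard Junos `show route` layout, does a longest-prefix lookup for the unreachable VM, and for every route with an explicit `to` next-hop checks whether that next-hop lies inside a connected (Direct) subnet on the same interface. On the pasted table the two BGP next-hops (169.254.16.11 on st0.2 and 169.254.74.8 on st0.1) fall outside the /30s shown on those st0 units; Junos can still install such routes on point-to-point st0 interfaces, so this is something to reconcile against the inside tunnel addresses AWS assigned rather than proof of the fault.

```python
import ipaddress
import re

# The poster's `show route` output, re-wrapped into the normal Junos layout
# (constructed from the pasted text above; the trailing "reth0." is as pasted).
SHOW_ROUTE = """\
inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 02:45:46
                    > to 143.133.16.1 via reth0.0
10.10.10.0/24      *[Direct/0] 00:48:25
                    > via reth1.0
10.10.10.10/32     *[Local/0] 03:43:51
                      Local via reth1.0
10.255.255.0/24    *[BGP/170] 01:16:20, MED 100, localpref 100
                      AS path: 64231 E
                    > to 169.254.16.11 via st0.2
                    [BGP/170] 01:16:15, MED 100, localpref 100
                      AS path: 64231 E
                    > to 169.254.74.8 via st0.1
13.37.13.0/24      *[Direct/0] 03:29:58
                    > via fxp0.0
13.37.13.37/32     *[Local/0] 03:29:58
                      Local via fxp0.0
169.254.26.24/30   *[Direct/0] 02:27:53
                    > via st0.2
169.254.26.26/32   *[Local/0] 02:27:53
                      Local via st0.2
169.254.77.8/30    *[Direct/0] 02:54:32
                    > via st0.1
169.254.77.10/32   *[Local/0] 02:54:32
                      Local via st0.1
143.133.16.0/22    *[Direct/0] 02:45:46
                    > via reth0.0
143.133.16.250/32  *[Local/0] 03:43:51
                      Local via reth0.
"""

# First line of a destination: "<prefix>  *[Proto/pref] ..."
PREFIX_RE = re.compile(r"^(\S+/\d+)\s+(\*?)\[(\w+)/\d+\]")
# An additional path for the same destination (indented "[Proto/pref]").
PATH_RE = re.compile(r"^\s+(\*?)\[(\w+)/\d+\]")
# Next-hop line: "> to A.B.C.D via ifc", "> via ifc" or "Local via ifc".
NEXTHOP_RE = re.compile(r"^\s+(?:>\s+)?(?:to (\S+) )?(?:Local )?via (\S+)$")


def parse_show_route(text):
    """Return one dict per path: prefix, proto, active, next_hop, iface."""
    paths = []
    prefix = proto = None
    active = False
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            prefix, active, proto = m.group(1), m.group(2) == "*", m.group(3)
            continue
        m = PATH_RE.match(line)
        if m:
            active, proto = m.group(1) == "*", m.group(2)
            continue
        m = NEXTHOP_RE.match(line)
        if m and prefix:
            paths.append({"prefix": prefix, "proto": proto, "active": active,
                          "next_hop": m.group(1), "iface": m.group(2)})
    return paths


def lookup(paths, dst):
    """Longest-prefix match: return (matching prefix, all paths for it)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for p in paths:
        net = ipaddress.ip_network(p["prefix"])
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    if best is None:
        return None, []
    return str(best), [p for p in paths if p["prefix"] == str(best)]


def next_hop_checks(paths):
    """For each path with an explicit next-hop, report whether that next-hop
    lies in a Direct (connected) subnet on the same interface."""
    direct = [(ipaddress.ip_network(p["prefix"]), p["iface"])
              for p in paths if p["proto"] == "Direct"]
    results = []
    for p in paths:
        if p["next_hop"] is None:
            continue
        nh = ipaddress.ip_address(p["next_hop"])
        on_link = any(nh in net and p["iface"] == iface for net, iface in direct)
        results.append((p["prefix"], p["next_hop"], p["iface"], on_link))
    return results


if __name__ == "__main__":
    paths = parse_show_route(SHOW_ROUTE)
    prefix, hits = lookup(paths, "10.255.255.10")
    print(f"10.255.255.10 matches {prefix}:")
    for p in hits:
        mark = "*" if p["active"] else " "
        print(f"  {mark} {p['proto']} via {p['iface']} next-hop {p['next_hop']}")
    for prefix, nh, iface, on_link in next_hop_checks(paths):
        flag = "ok" if on_link else f"NOT in a connected subnet on {iface}"
        print(f"{prefix:<18} next-hop {nh} via {iface}: {flag}")
```

The lookup only confirms that the SRX holds a route for the VM's address over st0.2; it says nothing about the zone the st0 units sit in or about the return path on the AWS side, neither of which the post shows.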


