I've run into a really weird problem:
I have the following scenario:
[ PC IP: 10.10.10.11/24 ] --SRX550-- Site-to-Site VPN to AWS --[ VM IP: 10.255.255.55/24 ]
The SRX550's address on the interface connected to the PC is 10.10.10.10/24.
The PC is NATed.
The PC can ping the VM and I get replies. However, the VM can't ping the PC. I can see that there are request packets coming from the 10.255.255.55 address on the PC's interface, but there is no response getting to the VM.
I CAN ping the 10.10.10.10 address from the VM.
root@srx-0> show security flow session protocol icmp
Session ID: 19965, Policy name: ALLOW_ALL/4, State: Active, Timeout: 26, Valid
  In: 10.255.255.55/1 --> 10.10.10.11/21562;icmp, If: st0.1, Pkts: 1, Bytes: 84
  Out: 10.10.10.11/21562 --> 10.255.255.55/1;icmp, If: reth1.1337, Pkts: 0, Bytes: 0
I see that the traffic is going in, and I see that the traffic is going out. The firewall knows about the 10.255.255.0/24 network from BGP:
10.255.255.0/24    *[BGP/170] 00:39:56, MED 100, localpref 100
                      AS path: 64543 E
                    > to 161.252.77.9 via st0.1
                    [BGP/170] 00:39:49, MED 100, localpref 100
                      AS path: 64543 E
                    > to 161.252.26.25 via st0.2
What am I doing wrong? This is the whole config -> https://pastebin.com/twFzbXBf
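The session output quoted above carries per-wing packet counters: the In wing on st0.1 shows Pkts: 1, while the Out wing on reth1.1337 shows Pkts: 0. The following Python script is an added example and is not part of the original post or of Juniper's tooling. It parses `show security flow session` output (both the normal multi-line CLI layout and a paste that has been flattened onto one line) and flags sessions whose reverse wing has carried no packets, which is the quickest way to see which sessions on a busy box have no return traffic. The sample input embeds the post's session plus a second, constructed healthy session for contrast; that second session's addresses and counters are made up, and NAT translation is omitted.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: the session from the post (in the usual
# multi-line CLI layout) followed by a second, made-up healthy session
# for contrast. NAT translation is deliberately omitted.
SAMPLE_OUTPUT = """\
root@srx-0> show security flow session protocol icmp
Session ID: 19965, Policy name: ALLOW_ALL/4, State: Active, Timeout: 26, Valid
  In: 10.255.255.55/1 --> 10.10.10.11/21562;icmp, If: st0.1, Pkts: 1, Bytes: 84
  Out: 10.10.10.11/21562 --> 10.255.255.55/1;icmp, If: reth1.1337, Pkts: 0, Bytes: 0
Session ID: 19970, Policy name: ALLOW_ALL/4, State: Active, Timeout: 2, Valid
  In: 10.10.10.11/5 --> 10.255.255.55/5;icmp, If: reth1.1337, Pkts: 4, Bytes: 336
  Out: 10.255.255.55/5 --> 10.10.10.11/5;icmp, If: st0.1, Pkts: 4, Bytes: 336
Total sessions: 2
"""

HEADER_RE = re.compile(
    r"Session ID:\s*(?P<id>\d+),\s*Policy name:\s*(?P<policy>[^,]+),\s*"
    r"State:\s*(?P<state>\w+),\s*Timeout:\s*(?P<timeout>\d+)"
)
# One wing line: "<In|Out>: src --> dst;proto, If: ifl, Pkts: n, Bytes: n"
WING_RE = re.compile(
    r"(?P<dir>In|Out):\s*(?P<src>[^\s]+)\s*-->\s*(?P<dst>[^;\s]+);(?P<proto>\w+),\s*"
    r"If:\s*(?P<ifl>[^,\s]+),\s*Pkts:\s*(?P<pkts>\d+),\s*Bytes:\s*(?P<bytes>\d+)"
)


@dataclass
class Wing:
    direction: str      # "In" (initiator side) or "Out" (reverse side)
    src: str
    dst: str
    proto: str
    interface: str
    pkts: int
    bytes_: int


@dataclass
class Session:
    session_id: int
    policy: str
    state: str
    timeout: int
    wings: List[Wing]

    def wing(self, direction: str) -> Wing:
        return next(w for w in self.wings if w.direction == direction)


def parse_sessions(text: str) -> List[Session]:
    """Parse 'show security flow session' output into Session objects.

    Splitting on 'Session ID:' rather than on newlines means a paste that
    has been flattened onto one line parses the same as the real CLI layout.
    """
    sessions: List[Session] = []
    for chunk in re.split(r"(?=Session ID:)", text):
        hdr = HEADER_RE.search(chunk)
        if hdr is None:
            continue  # prompt line, 'Total sessions' trailer, etc.
        wings = [
            Wing(m["dir"], m["src"], m["dst"], m["proto"], m["ifl"],
                 int(m["pkts"]), int(m["bytes"]))
            for m in WING_RE.finditer(chunk)
        ]
        sessions.append(Session(int(hdr["id"]), hdr["policy"].strip(),
                                hdr["state"], int(hdr["timeout"]), wings))
    return sessions


def one_way_sessions(sessions: List[Session]) -> List[Session]:
    """Sessions whose In wing carried packets but whose Out wing carried none.

    The initiating packets matched the session, but nothing matching the
    reverse wing has come back through it yet.
    """
    flagged = []
    for s in sessions:
        dirs = {w.direction for w in s.wings}
        if {"In", "Out"} <= dirs and s.wing("In").pkts > 0 and s.wing("Out").pkts == 0:
            flagged.append(s)
    return flagged


def describe(s: Session) -> str:
    i, o = s.wing("In"), s.wing("Out")
    return (f"session {s.session_id}: {i.src} -> {i.dst} in via {i.interface} "
            f"({i.pkts} pkts), reverse via {o.interface} ({o.pkts} pkts)")


if __name__ == "__main__":
    for s in one_way_sessions(parse_sessions(SAMPLE_OUTPUT)):
        print("no return traffic:", describe(s))
```

Feed it the real output with `show security flow session protocol icmp | no-more` pasted into the string, or read from a file; the interface named in the Out wing tells you where to capture next if the reverse counter stays at zero.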