Hi Bikash, In addition to everything, you also have to keep in mind that SRX is a stateful device and performs a reverse route lookup when establishing a new session. Unfortunately you can't enable something like "use the iface and mac address from where the packet came" for traffic in the backward direction.
Be aware of this, because in some cases of FBF the reverse route will point to a different interface than the first packet came through, and such an asymmetric scheme is something to be very carefully planned when you use stateful devices. If this happens, you must first have both of the interfaces in the same security zone; second, if you use NAT, it's not bad to think of which IPs the packets will have and which IPs they go to. I did not look deeply into your config, maybe it's not your case, but just keep in mind that if you send packets to ISP1 with a src-ip dedicated by ISP2, you have quite a good chance of being blocked by the uRPF check of ISP1.

--
Regards,
Pavel
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
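Added example, not part of the message above: a simplified Python planning check for the two conditions the message describes, namely a reverse route that points to a different interface (and zone) than the one the first packet arrived on, and a source address from one ISP leaving through the other. The interface names, zone names, routes and prefixes are constructed assumptions, and the model is a planning aid rather than a reproduction of SRX internals.

```python
import ipaddress

# Constructed sample topology (documentation prefixes); all names are assumptions.
ZONE = {"isp1-if": "untrust", "isp2-if": "untrust2", "lan-if": "trust"}
ROUTES = [("0.0.0.0/0", "isp1-if"), ("10.0.0.0/8", "lan-if")]  # default table
ISP_PREFIX = {"isp1-if": "198.51.100.0/24", "isp2-if": "203.0.113.0/24"}

def route_lookup(ip):
    """Longest-prefix match against ROUTES; returns the egress interface or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def reverse_path_findings(arrival_if, src_ip):
    """Compare the interface the first packet arrived on with the reverse route."""
    reverse_if = route_lookup(src_ip)
    findings = []
    if reverse_if is None:
        findings.append("no reverse route for source")
    elif reverse_if != arrival_if:
        findings.append(f"asymmetric: arrived {arrival_if}, reverse route {reverse_if}")
        # The message's first requirement: both interfaces in the same zone.
        if ZONE[reverse_if] != ZONE[arrival_if]:
            findings.append(f"zone mismatch: {ZONE[arrival_if]} vs {ZONE[reverse_if]}")
    return findings

def urpf_risk(egress_if, src_ip):
    """True if src_ip is outside the prefix assigned by the ISP on egress_if."""
    net = ipaddress.ip_network(ISP_PREFIX[egress_if])
    return ipaddress.ip_address(src_ip) not in net

if __name__ == "__main__":
    # First packet arrives through ISP2, but the default route points at ISP1.
    print(reverse_path_findings("isp2-if", "192.0.2.10"))
    # Symmetric case: a LAN host arriving on the LAN interface.
    print(reverse_path_findings("lan-if", "10.1.2.3"))
    # Packet leaving via ISP1 while carrying an ISP2-assigned source address.
    print(urpf_risk("isp1-if", "203.0.113.7"))
```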