You'll need a "hairpin" rule, e.g.:

set security policies from-zone trust to-zone trust policy hairpin match source-address any
set security policies from-zone trust to-zone trust policy hairpin match destination-address any
set security policies from-zone trust to-zone trust policy hairpin match application any
set security policies from-zone trust to-zone trust policy hairpin then permit

There is no implicit "accept back into source zone".

On Wed, Nov 3, 2010 at 5:33 AM, Bruce Buchanan <bbuch...@nexicomgroup.net> wrote:

> Hi List –
>
> Can anyone give any suggestion/guidance on the following.
>
> I’m trying to do a static route *out* the same interface that the
> traffic came *in* on. This is on an SRX-240
>
> Here are the details:
> “Private”: 192.168.20.0/24
> “Public”: 216.168.x.x/32
> Static route: 172.30.200.0/24 to <gateway – 192.168.20.224> to
> 192.168.20.121
>
> 192.168.20.121 is the IP on a VPN appliance.
>
> Traffic from a client computer never gets routed to the VPN appliance.
> This works on a Cisco 2800 without a problem, but I can’t get it working on
> the SRX.
>
> Thanks,
> Bruce
>
> *Bruce Buchanan*
> Senior Network Technician
> Nexicom
> 5 King St. E., Millbrook, ON, LOA 1GO
> Phone: 705-932-4147
> FAX: 705-932-3027
> Cell: 705-750-7705
> Web: http://www.nexicom.net
> *Nexicom – Connected. Naturally.*
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

--
"Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler
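
An added example, not part of the original thread: the hairpin policy above permits any source, destination and application inside the trust zone, so this Python check parses Junos "set" policy lines and reports intra-zone permit policies that are any/any/any. The function names and the address-book names lan-clients and vpn-remote in the scoped sample are hypothetical; both sample configurations are constructed for the example.

```python
import re
from collections import defaultdict

# Matches Junos "set" lines for zone-to-zone security policies.
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application) (\S+)"
    r"|then (permit|deny|reject)(?:\s|$))"
)
FIELDS = ("source-address", "destination-address", "application")

# Constructed samples: the rule from the thread, and a scoped variant that
# uses hypothetical address-book entries instead of "any".
P = "set security policies from-zone trust to-zone trust policy hairpin "
PAGE_RULE = "\n".join(P + s for s in (
    "match source-address any", "match destination-address any",
    "match application any", "then permit"))
SCOPED_RULE = "\n".join(P + s for s in (
    "match source-address lan-clients", "match destination-address vpn-remote",
    "match application any", "then permit"))

def parse_policies(config_text):
    """Return {(from_zone, to_zone, name): {"match": {field: set}, "action": str}}."""
    policies = defaultdict(lambda: {"match": defaultdict(set), "action": None})
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue  # not a policy match/then line
        from_zone, to_zone, name, field, value, action = m.groups()
        entry = policies[(from_zone, to_zone, name)]
        if field:
            entry["match"][field].add(value)
        else:
            entry["action"] = action
    return policies

def broad_intra_zone_permits(config_text):
    """List (zone, policy) for intra-zone permits whose match fields are all 'any'."""
    findings = []
    for (from_zone, to_zone, name), p in parse_policies(config_text).items():
        wide_open = all("any" in p["match"][f] for f in FIELDS)
        if from_zone == to_zone and p["action"] == "permit" and wide_open:
            findings.append((from_zone, name))
    return findings

if __name__ == "__main__":
    print(broad_intra_zone_permits(PAGE_RULE))    # any/any/any hairpin is reported
    print(broad_intra_zone_permits(SCOPED_RULE))  # scoped variant is not
```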