Make sure you have: host-inbound-traffic protocols ospf
configured under the security zone for your reth interface On 23 Jan 2014, at 3:58 pm, Samol <molas...@gmail.com> wrote: > Hi List, > > I've got not another problem with ospf neigh. As the topo below, SRX and MX > can reach each other by ping, but ospf neig can't form. > > MX (ae0.88)------------------(pt-1/0/0.0) SRX > > I did the investigation on SRX and I found that SRX is sending/receiving > ospf hello message. > > Time Filter Action Interface Protocol Src Addr > Dest Addr > 18:37:46 pfe A pt-1/0/0.0 OSPF 172.16.161.1 > 224.0.0.5 > 18:37:44 OSPF-DEBUG A local OSPF 172.16.161.2 > 224.0.0.5 > 18:37:38 pfe A pt-1/0/0.0 OSPF 172.16.161.1 > 224.0.0.5 > 18:37:35 OSPF-DEBUG A local OSPF 172.16.161.2 > 224.0.0.5 > 18:37:29 pfe A pt-1/0/0.0 OSPF 172.16.161.1 > 224.0.0.5 > 18:37:26 OSPF-DEBUG A local OSPF 172.16.161.2 > 224.0.0.5 > > However, on MX side, It's sending the hello message, but it's not receiving > hello message that SRX ACKs. that leads to OSPF state in INIT state on SRX > side, and no neigh status on MX side. Looking in to ae interface statistics > , get the result as below : > > Link: > ge-1/0/0.88 > Input : 0 0 0 0 > Output: 62551 0 6804562 0 > ge-1/0/1.88 > Input : 882 0 287932 0 > Output: 0 0 0 0 > > it's using one link to send and another to receive. Surely, OSPF message > that sending from SRX is being dropped somewhere in the middle, however why > is it not dropping ICMP message ? Any idea is really appreciated. > > Regards, > > > > -- > Samol Khoeurn > (855) 077 55 64 02 / (855) 067 41 88 66 > Network Engineer > Cisco: CCNA/CCNP SP/CCIP/ > Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT > www.linkedin.com/in/samolkhoeurn > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp