I found the issue. Seems it was related to the default NAT state, using interface IP NAT overload (PAT). I'm guessing since the interface IP is used for the translations, it didn't match the interface IP on the backup SRX. Once I changed from the default NAT state to use a pool, it worked!

srx01...

Session ID: 765924, Policy name: default-permit/5, HA State: Active, Timeout: 1800, Session State: Valid

In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 21, Bytes: 1640, HA Wing State: Active,

Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 18, Bytes: 2712, HA Wing State: Active,

Total sessions: 1

-------------------------------------------------------------------------------------------------------------------------------------------------------

srx02... (see session is now present and marked Warm.)

Session ID: 658403, Policy name: default-permit/5, HA State: Warm, Timeout: 14404, Session State: Valid

In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,

Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,

Total sessions: 1




-Aaron

_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
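
To repeat the comparison in the two listings above across many sessions, this added example (not part of the original post) parses the session output from each node and lists flows that are Active on one node without a matching Warm entry on the other. Both wings are compared, so a differing translated address also counts as a mismatch; the function names are hypothetical and the sample text is constructed from the listings above.

```python
import re

# Constructed sample input, copied from the two session listings in the post.
ACTIVE = """Session ID: 765924, Policy name: default-permit/5, HA State: Active, Timeout: 1800, Session State: Valid
In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 21, Bytes: 1640, HA Wing State: Active,
Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 18, Bytes: 2712, HA Wing State: Active,
"""
BACKUP = """Session ID: 658403, Policy name: default-permit/5, HA State: Warm, Timeout: 14404, Session State: Valid
In: 192.168.11.5/29276 --> 246.246.246.98/22;tcp, Conn Tag: 0x0, If: ae2.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,
Out: 246.246.246.98/22 --> 123.123.123.255/1029;tcp, Conn Tag: 0x0, If: ae1.0, Pkts: 0, Bytes: 0, HA Wing State: Warm,
"""

HEAD = re.compile(r"Session ID: (\d+), .*?HA State: (\w+)")
WING = re.compile(r"(In|Out): (\S+) --> (\S+);(\w+),")


def parse_sessions(text):
    """Return {(in_wing, out_wing): ha_state} for each session in the text.

    Each wing is a (source, destination, protocol) tuple. Session IDs are
    ignored because they differ between nodes (765924 vs 658403 above).
    """
    sessions, state, wings = {}, None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := HEAD.match(line):
            state, wings = m.group(2), {}       # new session block starts
        elif (m := WING.match(line)) and state:
            wings[m.group(1)] = m.groups()[1:]
            if len(wings) == 2:                 # both In and Out seen
                sessions[(wings["In"], wings["Out"])] = state
    return sessions


def unsynced(active_text, backup_text):
    """Flows Active on the first node with no Warm copy on the second."""
    backup = parse_sessions(backup_text)
    return [flow for flow, state in parse_sessions(active_text).items()
            if state == "Active" and backup.get(flow) != "Warm"]


if __name__ == "__main__":
    missing = unsynced(ACTIVE, BACKUP)
    print("all active sessions synced" if not missing else missing)
```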
