I have two Juniper SRX 300s.
Each has a VPN to Amazon VPC.
I have a VPN between the two SRX.
I have set up the following:
SRX-A has VPN with Amazon VPC.
- Resources on local network can access resources in VPC.
- Resources in the VPC can access resources on the local network.
SRX-B has VPN with Amazon VPC. Traffic works both ways, without issue.
- Resources on local network can access resources in VPC.
- Resources in the VPC can access resources on the local network.
SRX-A has VPN with SRX-B.
- SRX-A can ping resources behind SRX-B.
- SRX-B can ping resources behind SRX-A.
- Resources behind SRX-A can ping resources behind SRX-B.
- Resources behind SRX-B cannot ping resources behind SRX-A.
I have a suspicion it's the routing-options.
SRX-A
routing-options {
    static {
        route 10.0.0.0/16 next-hop [ st0.1 st0.2 ]; <-- Amazon VPC
        route 0.0.0.0/0 next-hop xxx.xxx.xxx.xxx; <-- ISP gateway
        route 192.168.111.0/24 next-hop st0.3; <-- SRX-B
    }
}
SRX-B
routing-options {
    static {
        route 0.0.0.0/0 next-hop xxx.xxx.xxx.xxx; <-- ISP gateway
        route 192.168.222.0/24 next-hop st0.3; <-- SRX-A
        route 10.0.0.0/16 next-hop [ st0.1 st0.2 ]; <-- Amazon VPC
    }
}
Please point me in the correct direction.
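The following is an added worked example, not code from the poster or from Juniper: it reproduces the two static route tables from the post as data and runs a longest-prefix-match lookup over them in both directions, so the reader can see exactly what the routing-options alone decide for a ping between the two LANs. It assumes that the LAN behind SRX-A is 192.168.222.0/24 and the LAN behind SRX-B is 192.168.111.0/24 (inferred from the routes, not stated in the post), that st0.3 on each box is the tunnel to the other SRX, and it uses the string "ISP-gateway" as a stand-in for the masked xxx.xxx.xxx.xxx next-hop. The sample host addresses are constructed.

```python
import ipaddress

# Static routes copied from the post (next-hop interface names as given there).
# "ISP-gateway" is a placeholder for the masked xxx.xxx.xxx.xxx address.
SRX_A_ROUTES = {
    "10.0.0.0/16": ["st0.1", "st0.2"],   # Amazon VPC
    "0.0.0.0/0": ["ISP-gateway"],        # default via ISP
    "192.168.111.0/24": ["st0.3"],       # LAN behind SRX-B
}
SRX_B_ROUTES = {
    "0.0.0.0/0": ["ISP-gateway"],        # default via ISP
    "192.168.222.0/24": ["st0.3"],       # LAN behind SRX-A
    "10.0.0.0/16": ["st0.1", "st0.2"],   # Amazon VPC
}

# Assumption (not stated in the post): which LAN sits behind which SRX.
LAN_BEHIND_A = ipaddress.ip_network("192.168.222.0/24")
LAN_BEHIND_B = ipaddress.ip_network("192.168.111.0/24")


def lookup(routes, dst):
    """Longest-prefix match of dst against a static route table.

    Returns (matching_prefix, next_hops) or None when nothing matches.
    A default route (0.0.0.0/0) only wins when no longer prefix covers dst,
    which is the same rule the SRX forwarding table applies.
    """
    addr = ipaddress.ip_address(dst)
    best_net, best_hops = None, None
    for prefix, hops in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hops = net, hops
    return (str(best_net), best_hops) if best_net is not None else None


def ping_path(src, dst):
    """Describe the forward and return route for an ICMP echo between the LANs.

    The forward lookup happens on the SRX that owns the source LAN, the
    return lookup on the SRX that owns the destination LAN. Returns a dict
    with both next-hop lists and a flag saying whether routing alone sends
    both directions over the inter-SRX tunnel (st0.3).
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_router = "SRX-A" if src_ip in LAN_BEHIND_A else "SRX-B"
    dst_router = "SRX-A" if dst_ip in LAN_BEHIND_A else "SRX-B"
    tables = {"SRX-A": SRX_A_ROUTES, "SRX-B": SRX_B_ROUTES}
    forward = lookup(tables[src_router], dst)
    reverse = lookup(tables[dst_router], src)
    symmetric = (forward is not None and reverse is not None
                 and forward[1] == ["st0.3"] and reverse[1] == ["st0.3"])
    return {
        "forward": (src_router, forward),
        "reverse": (dst_router, reverse),
        "routing_symmetric": symmetric,
    }


if __name__ == "__main__":
    # Constructed sample hosts, one behind each SRX.
    for src, dst in [("192.168.222.10", "192.168.111.10"),
                     ("192.168.111.10", "192.168.222.10")]:
        print(f"{src} -> {dst}: {ping_path(src, dst)}")
```

If `routing_symmetric` comes back `True` for both directions, the static routes shown in the post hand the packet and its reply to st0.3 on each box, so the asymmetry the poster sees between the two LANs is not something these two route tables by themselves produce; the next places to compare on SRX-A and SRX-B are whatever the post does not show, such as the security policies and zone membership of st0.3 and the IPsec proxy-ID/traffic-selector configuration, checked in both directions.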