Good morning!
I am currently working on an SRX1500, and I am trying to bridge the gap in communication from one interface to another on my device.
ge-0/0/2 has been assigned to a zone called LR23 and I am trying to get it to communicate with a device on port ge-0/0/12.99. From the SRX device I can send an ICMP packet from ge-0/0/2.0 to my device on the other side of ge-0/0/12.99. When I send an ICMP packet from ge-0/0/12.99 to a client machine on the other side of ge-0/0/2 I get 100 percent replies. The users on the other side of ge-0/0/12.99 report that they cannot ping the 192.168.99.x address of the device they are trying to access. But they are able to hit the gateway address established on port ge-0/0/2.
If ICMP can work its way from one end to the other within this boundary of the network, why would their clients not be able to reach beyond the external interface ge-0/0/2 into ge-0/0/12.99?
Here is a snippet from the SRX1500, modified slightly to protect specific information.
set security nat source rule-set vlan99-to-LR23 from routing-instance LR23
set security nat source rule-set vlan99-to-LR23 to interface ge-0/0/2.0
set security nat source rule-set vlan99-to-LR23 rule vlan99-NAT match source address 192.168.99.0/24
set security nat source rule-set vlan99-to-LR23 rule vlan99-NAT then source-nat interface
set security nat source rule-set LR23-to-vlan99 from routing-instance LR23
set security nat source rule-set LR23-to-vlan99 to interface ge-0/0/12.99
set security nat source rule-set LR23-to-vlan99 rule LR23-NAT match source address 10.45.45.0/24
set security nat source rule-set LR23-to-vlan99 rule LR23-NAT then source-nat interface
set security policies from-zone vlan99 to-zone LR23 policy allow-outbound match source-address vlan99
set security policies from-zone vlan99 to-zone LR23 policy allow-outbound match destination-address any
set security policies from-zone vlan99 to-zone LR23 policy allow-outbound match application any
set security policies from-zone vlan99 to-zone LR23 policy allow-outbound then permit
set security policies from-zone LR23 to-zone vlan99 policy allow-inbound match source-address any
set security policies from-zone LR23 to-zone vlan99 policy allow-inbound match destination-address any
set security policies from-zone LR23 to-zone vlan99 policy allow-inbound match application any
set security policies from-zone LR23 to-zone vlan99 policy allow-inbound then permit
set security zones security-zone LR23 host-inbound-traffic system-services all
set security zones security-zone LR23 host-inbound-traffic protocols all
set security zones security-zone LR23 interfaces ge-0/0/2.0
set security zones security-zone vlan99 host-inbound-traffic system-services all
set security zones security-zone vlan99 host-inbound-traffic protocols all
set security zones security-zone vlan99 interfaces ge-0/0/12.99
set interfaces ge-0/0/2 description " "
set interfaces ge-0/0/2 unit 0 description " "
set routing-options rib-groups RIB_LR23 import-rib LR23.inet.0
set routing-options rib-groups RIB_LR23 import-rib Repository.inet.0
set routing-options rib-groups RIB_LR23 import-rib Virtual.inet.0
set routing-options rib-groups RIB_Virtual import-rib LR23.inet.0
set routing-instances LR23 description " Words are here "
set routing-instances LR23 instance-type virtual-router
set routing-instances LR23 interface ge-0/0/2.0
set routing-instances LR23 interface ge-0/0/12.99
set routing-instances LR23 routing-options interface-routes rib-group inet RIB_LR23
set routing-instances LR23 routing-options static route 0.0.0.0/0 next-hop 192.168.99.0
I look forward to any replies to this post. I am eager to see what others might think the issue might be.
- David
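Added example (my own, not David's config and not Juniper code): a small lint over Junos "set"-style lines that answers two things a reviewer would check before chasing packets on a setup like this one: which routing instance each security zone's interfaces actually sit in, and whether any static-route next-hop looks like a subnet address rather than a router address. It runs on a constructed copy of part of the snippet above.

```python
"""Added example (not the poster's config or Juniper code): a small lint
over Junos 'set' lines, run on a constructed copy of part of the snippet."""
import ipaddress

# Constructed sample: lines from the post; instance-type spelled virtual-router.
CONFIG = """
set security zones security-zone LR23 interfaces ge-0/0/2.0
set security zones security-zone vlan99 interfaces ge-0/0/12.99
set routing-instances LR23 instance-type virtual-router
set routing-instances LR23 interface ge-0/0/2.0
set routing-instances LR23 interface ge-0/0/12.99
set routing-instances LR23 routing-options static route 0.0.0.0/0 next-hop 192.168.99.0
"""

def parse(text):
    """Return each 'set' line as a token list without the leading 'set'."""
    return [ln.split()[1:] for ln in text.splitlines() if ln.startswith("set ")]

def _bindings(stmts, prefix, key):
    """name -> {interface} for statements shaped: prefix NAME ... key IFACE."""
    out = {}
    for s in stmts:
        if s[:len(prefix)] == prefix and key in s:
            out.setdefault(s[len(prefix)], set()).add(s[s.index(key) + 1])
    return out

def zone_instances(stmts):
    """Map each security zone to the routing instances its interfaces sit in;
    an interface bound to no instance is reported under the default 'inet.0'."""
    zones = _bindings(stmts, ["security", "zones", "security-zone"], "interfaces")
    insts = _bindings(stmts, ["routing-instances"], "interface")
    iface_to_inst = {i: n for n, ifs in insts.items() for i in ifs}
    return {z: {iface_to_inst.get(i, "inet.0") for i in ifs} for z, ifs in zones.items()}

def subnet_like_next_hops(stmts):
    """Heuristic: an IPv4 next-hop ending in .0 is usually a network address,
    not a router's address, so return (route, next-hop) pairs for a second look."""
    hits = []
    for s in stmts:
        if "route" in s and "next-hop" in s:
            nh = s[s.index("next-hop") + 1]
            try:
                addr = ipaddress.ip_address(nh)
            except ValueError:
                continue  # keyword next-hops such as 'reject' or 'discard'
            if addr.version == 4 and addr.packed[-1] == 0:
                hits.append((s[s.index("route") + 1], nh))
    return hits
```

On the sample both zones resolve to the single instance LR23, so zone policy rather than routing separates them, and the default route's next-hop is flagged for a second look.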