Posted on 2013-12-31
I have created a small network for lab work that has 2 SRX100 and SSG20. All three are in the same OSPF area 0, and all can ping the loopbacks of each other, and other interfaces on those same devices. Very simple allow all policies. I have a laptop connected to one port on the SSG20, which has a PC ip of 10.10.11.10/24, and the eth0/1 (gateway) is 10.10.11.1/24.
This seems elementary, but before I configure a VPN, I assumed that everything should be pingable, and while the PC can ping everywhere, no other device, including the attached SSG20 can ping the PC. Seems that shouldn't be. I am not experienced with ScreenOS, but in all my searches, the basic configuration should work--and I do have a policy that allows that subnet to be reachable from anywhere.