Не получается настроить ppoe соединение на juniper srx100
пингуется только шлюз провайдера. а остальные, такие как 8.8.8.8 нет.
не понимаю в чем дело.
конфиг
interfaces {
fe-0/0/0 {
description "To RosTelecom MPLS net (zone mpls)";
unit 0 {
family inet {
address 172.16.2.188/29;
address 172.16.2.185/29;
address 172.16.2.187/29;
}
}
}
fe-0/0/1 {
description "To LAN with internet access (zone inet)";
unit 0 {
family inet {
address 192.168.1.252/24;
}
}
}
fe-0/0/2 {
unit 0 {
family inet {
address 10.14.2.2/24;
}
}
}
fe-0/0/3 {
unit 0 {
family inet {
address 10.214.2.1/28;
address 10.214.2.3/28;
}
}
}
fe-0/0/4 {
unit 0 {
family inet {
address 10.214.2.136/25;
}
}
}
fe-0/0/7 {
unit 0 {
encapsulation ppp-over-ether;
}
}
pp0 {
unit 0 {
ppp-options {
chap {
default-chap-secret "#######"; ## SECRET-DATA
local-name *******;
passive;
}
}
pppoe-options {
underlying-interface fe-0/0/7.0;
idle-timeout 0;
auto-reconnect 5;
client;
}
family inet {
mtu 1492;
negotiate-address;
}
}
}
}
routing-options {
static {
route 172.16.0.0/16 next-hop 172.16.2.190;
route 10.0.0.0/8 next-hop 172.16.2.190;
route 0.0.0.0/0 next-hop pp0.0;
}
}
security {
nat {
source {
rule-set NAT-INET-TO-UNTRUST {
from zone inet;
to zone untrust;
rule PAT-INTERFACE {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
static {
rule-set mpls-out {
from zone mpls;
rule mpls-out-rule {
match {
destination-address 172.16.2.187/32;
}
then {
static-nat prefix 10.214.2.4/32;
}
}
}
}
}
policies {
from-zone inet to-zone untrust {
policy inet-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
default-policy {
permit-all;
}
}
zones {
security-zone mpls {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/0.0;
}
}
security-zone inet {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/1.0;
}
}
security-zone terminals {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/3.0;
fe-0/0/2.0;
fe-0/0/4.0;
}
}
security-zone untrust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/7.0;
pp0.0;
}
}
}
}
с виду ничего ошибочного я не вижу.
сложность в том, что еще на нем mpls настроен.
буду очень благодарен за помощь.