I know how to do this, but it's lost in the cobwebs...
I just finished setting up a new SRX220 to replace an old ASA. It's connecting over a VPN tunnel to another ASA at our headquarters. I got all the routing working for client machines, but I'm trying to set up proxy DNS.
The problem is, the SRX can't reach the DNS server in our headquarters. The routes are there, and clients can get there. So, I did a little investigating, and the SRX can get to the network; it's just not sourcing correctly:

    root> ping 172.27.1.30
    PING 172.27.1.30 (172.27.1.30): 56 data bytes
    ^C
    --- 172.27.1.30 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

    root> ping 172.27.1.30 source 172.27.2.1
    PING 172.27.1.30 (172.27.1.30): 56 data bytes
    64 bytes from 172.27.1.30: icmp_seq=0 ttl=127 time=18.985 ms
    64 bytes from 172.27.1.30: icmp_seq=1 ttl=127 time=37.656 ms
    64 bytes from 172.27.1.30: icmp_seq=2 ttl=127 time=21.798 ms
    64 bytes from 172.27.1.30: icmp_seq=3 ttl=127 time=18.964 ms
    64 bytes from 172.27.1.30: icmp_seq=4 ttl=127 time=25.797 ms
    ^C
    --- 172.27.1.30 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 18.964/24.640/37.656/6.972 ms

    root>

How do I tell the SRX to source packets to that destination from the appropriate address/interface? I can't remember, and I can't get my search terms right to find it...