Thanks very much for your reply. With your help, my new RB5009 is now working. The key was "you don't have any NAT rule, you need to masquerade in srcnat chain with out.interface ether1." That is, of course, covered in the First Time Configuration wiki article, but evidently I didn't read ...

I am replacing a hEX Ethernet router (RB750Gr3) with a new RB5009UG+S+IN, and I am having some trouble configuring the RB5009. Here is a (simplified) network diagram of my existing network: The upgrade to the network is simply to replace the existing hEX with the new RB5009. Everything else remains ...