Visitor
bergschneider
Posts: 3
Registered: ‎06-29-2009

How to configure routing with two Untrust connections?

I have a Juniper SSG 140 with ScreenOS 6.1.0r4.0. There are two untrust connections: one symmetrical broadband connection and one asymmetrical broadband connection. Our customer wants to channel all HTTP and HTTPS traffic from a LAN in the trust zone to the asymmetrical untrust connection. In the attachment is a network map. How should I configure this routing?

Distinguished Expert
Screenie
Posts: 1,082
Registered: ‎01-10-2008

Re: How to configure routing with two Untrust connections?

Hi, you can set the default route to "alles andere" (symmetric) and route HTTP and HTTPS with PBR (policy-based routing). When using the GUI, set an access list to dst-port 80 or 443. Then fill in everything below it and bind it to the incoming interface.
best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Visitor
bergschneider
Posts: 3
Registered: ‎06-29-2009

Re: How to configure routing with two Untrust connections?

Hi Screenie, I already tried what you explained to me. The problem now is that when I want to do an HTTP or HTTPS access from the 192.168.1.20 station to the 192.168.200.1 station, the access will be channeled to the untrust interface and not internally.
Distinguished Expert
Screenie
Posts: 1,082
Registered: ‎01-10-2008

Re: How to configure routing with two Untrust connections?

OK, can't you write a second PBR rule dedicated for this host?
best regards,

Screenie.
Visitor
bergschneider
Posts: 3
Registered: ‎06-29-2009

Re: How to configure routing with two Untrust connections?

It is not only about the host. The 192.168.1.0/24 must have access to the 192.168.200.0/24 network.

I tried it with another PBR rule but it doesn't work. Maybe the order is an issue? I don't know in which order these rules will be processed.

Kind regards!

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.