Visitor
roy.kerns@newtms.com
Posts: 8
Registered: ‎04-12-2011
Accepted Solution

Routing 2 WAN Interfaces SRX 210


OK, here is what I am doing. I am attempting to switch from one ISP to another on my SRX 210.

I was given 2 blocks from the NEW ISP: a /30 and a /28.

The /30 is essentially a gateway block that all the traffic must traverse to get out to the internet and that must be in place for the assigned /28 block to be reachable.

In the mix I also have an SRX 100 that I use as just a head end for home office users' site-to-site VPN tunnels, and it currently has an external IP, also from my old ISP.

The new ISP's Circuit was delivered in my IDF so I built a Vlan to carry that traffic back down to my MDF where my SRX's are.

 

The immediate goal is to be able, from the outside, to ping the gateway address of the /30 block, the WAN address of the SRX 210 and the SRX 100. The two SRX external interfaces are also provisioned on their own separate VLAN and can ping each other. Below is how I have it configured at the moment.

fe-0/0/7 {
    description ********;
    vlan-tagging;
    unit 0 {
        vlan-id 407;
        family inet {
            address **.***.203.14/30;
        }
    }
    unit 1 {
        vlan-id 408;
        family inet {
            address **.**.240.129/28;
        }
    }
}

screen untrust-screen;
host-inbound-traffic {
    system-services {
        ping;
        ike;
    }
}
interfaces {
    fe-0/0/2.0;
    ge-0/0/0.0;
    fe-0/0/7.0;
    fe-0/0/7.1;
}

So right now, from a completely external source, I can ping the address on fe-0/0/7.0 but not the address on fe-0/0/7.1.

If I add the address from fe-0/0/7.1 to fe-0/0/7.0, I can ping it also, but am then unable to ping the SRX 100, even after I put them all on the same VLAN.

 

Here is the Info from my ISP

External Interfaces

WAN Serial: XX.XXX.203.14
Subnet Mask: 255.255.255.252
Default Route for Router: XX.XXX.203.13 

This will be the path that all of your internet traffic takes to get out to the internet.

Internal Interfaces
Assigned LAN Netblock: YY.YYY.240.128/28
Subnet Mask: 255.255.255.240 
LAN Ethernet usable IPs: YY.YYY.240.130 - YY.YYY.240.142
You can use this on your LAN (PC, Workstation, Firewall, etc)
Default Gateway for LAN Netblock: YY.YYY.240.129
This will be the IP that all devices use as a default route or gateway for your LAN back to the router.

 

What am I doing wrong?

 

Visitor
roy.kerns@newtms.com
Posts: 8
Registered: ‎04-12-2011

Re: Routing 2 WAN Interfaces SRX 210

I figured it out. I had my security policy between the 2 VLANs in my untrust zone incorrect. As soon as I corrected that, traffic started to flow.

Contributor
IslamGulkhan
Posts: 42
Registered: ‎12-23-2010

Re: Routing 2 WAN Interfaces SRX 210

You need to configure both of the interfaces in the correct security zones. If an interface is not in any security zone, it will not communicate at all...

 

I hope this helps.

 

Thanks

Islam
JNCIS, CCNP
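
The two points made in the replies above (both logical units belong to a security zone, and traffic between two interfaces in the same zone needs an explicit intra-zone policy because the SRX default policy denies it), sketched as Junos configuration. This is an added example, not the poster's actual fix: the policy name, the address-book entry, and the 203.0.113.128/28 prefix are constructed placeholders standing in for the redacted /28, and limiting the policy to `junos-ping` is an assumption based on the stated goal of pinging from outside.

```junos
security {
    zones {
        security-zone untrust {
            address-book {
                /* Placeholder for the ISP-assigned /28 (redacted on the page) */
                address wan-lan-block 203.0.113.128/28;
            }
            screen untrust-screen;
            host-inbound-traffic {
                /* Controls traffic addressed to the SRX itself, not transit */
                system-services {
                    ping;
                    ike;
                }
            }
            interfaces {
                fe-0/0/2.0;
                ge-0/0/0.0;
                fe-0/0/7.0;   /* /30 uplink, vlan-id 407 */
                fe-0/0/7.1;   /* /28 block, vlan-id 408 */
            }
        }
    }
    policies {
        /* Intra-zone policy: without it, traffic entering on fe-0/0/7.0
           and leaving on fe-0/0/7.1 is dropped by the default deny. */
        from-zone untrust to-zone untrust {
            policy permit-ping-to-wan-lan-block {
                match {
                    source-address any;
                    destination-address wan-lan-block;
                    /* Only ICMP echo; add applications deliberately */
                    application junos-ping;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

After committing, `show security zones security-zone untrust` confirms which interfaces are bound to the zone, and `show security policies from-zone untrust to-zone untrust` confirms the intra-zone policy is active.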