SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Destination NAT with different ISPs on SRX 240

    Posted 12-12-2009 19:30

    Hello, I tried to configure a destination NAT on two ISPs to the same local destination address. I configured the primary default gateway in my routing table with ISP-1 as the next hop and the secondary default gateway with ISP-2 as the next hop.
     
    The problem is that when I try to connect from the outside to the IP address of the secondary ISP, I can't connect to the service; I can connect only through ISP-1. I inverted the primary and secondary next hops and I get the same result, but inverted.
     
    Any ideas??



  • 2.  RE: Destination NAT with different ISPs on SRX 240
    Best Answer

    Posted 12-17-2009 19:00

    Have a look at this KB article. I think this is what you are trying to do.

     

    http://kb.juniper.net/KB15545

     

    -Richard



  • 3.  RE: Destination NAT with different ISPs on SRX 240

    Posted 12-18-2009 05:35

    I solved it already... but yes, this was exactly what I did. The problem was that the interfaces were configured in different zones, and when it was trying to send the packet back I received a "zone mismatch" error (I saw it in a flowtrace file). This is something that doesn't happen on the SSG (almost sure).

     

    My flowtrace file:

     

    Dec 15 18:46:13 18:46:12.987602:CID-1:RT:  route lookup: dest-ip orig ifp reth2.0 output_ifp reth1.0 orig-zone 10 out-zone 9 vsd 2
    Dec 15 18:46:13 18:46:12.987602:CID-1:RT:

    Reject route in make_nsp_ready_no_resolve. zone mismatch

    The traffic was not returning through the incoming interface.

    resource: http://kb.juniper.net/index?page=content&id=KB15545&smlogin=true

     

    Regards,

     

    Layard
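
    A small checker for the failure described in post 3, as an added example that is not part of the original thread: it scans flow trace text for route lookups whose egress zone differs from the ingress zone and marks the ones followed by a "zone mismatch" reject. The sample trace is constructed from the lines quoted above (the last line is invented for contrast), and the function name is hypothetical.

```python
import re

# Constructed sample: the first three lines mirror the trace quoted in the
# post; the fourth is an invented same-zone lookup for contrast.
SAMPLE_TRACE = """\
Dec 15 18:46:13 18:46:12.987602:CID-1:RT:  route lookup: dest-ip orig ifp reth2.0 output_ifp reth1.0 orig-zone 10 out-zone 9 vsd 2
Dec 15 18:46:13 18:46:12.987602:CID-1:RT:
Reject route in make_nsp_ready_no_resolve. zone mismatch
Dec 15 18:46:14 18:46:13.100001:CID-1:RT:  route lookup: dest-ip orig ifp reth1.0 output_ifp reth1.0 orig-zone 9 out-zone 9 vsd 2
"""

# Field names follow the trace line shown on the page; ".*?" tolerates a
# destination address between "dest-ip" and "orig ifp".
LOOKUP = re.compile(
    r"route lookup:.*?orig ifp (?P<in_ifp>\S+) output_ifp (?P<out_ifp>\S+) "
    r"orig-zone (?P<in_zone>\d+) out-zone (?P<out_zone>\d+)"
)


def find_zone_mismatches(trace_text):
    """Return route lookups where the reply would leave via another zone.

    Each finding is a dict with in_ifp, out_ifp, in_zone, out_zone and a
    'rejected' flag set when a 'zone mismatch' line follows the lookup
    before the next lookup appears.
    """
    findings = []
    last = None  # most recent route lookup seen
    for line in trace_text.splitlines():
        match = LOOKUP.search(line)
        if match:
            last = dict(match.groupdict(), rejected=False)
            if last["in_zone"] != last["out_zone"]:
                findings.append(last)
        elif "zone mismatch" in line and last is not None:
            last["rejected"] = True
    return findings


if __name__ == "__main__":
    for f in find_zone_mismatches(SAMPLE_TRACE):
        print(f"in {f['in_ifp']} (zone {f['in_zone']}) -> out {f['out_ifp']} "
              f"(zone {f['out_zone']}) rejected={f['rejected']}")
```
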



  • 4.  RE: Destination NAT with different ISPs on SRX 240

    Posted 10-07-2010 21:43

     


    Hey Guys,

     

     

    One thing that didn't seem right is that Layard said both ISP interfaces needed to be in the same zone. However, the Juniper KB article that he used (KB15545) shows both ISPs in different zones (security-zone isp1 and security-zone isp2).

     

    Am I missing something here?

     

    Thanks in advance,

    Stef