Hello,
I have tried to figure it out by reading the manual, but I am still unsure, so I was hoping to get hold of a valid example.
Situation:
Site a: 1.1.0.0/16 and 2.2.0.0/16 Juniper SRX in chassis cluster, official IP 20.21.22.23
Site b: 3.3.0.0/16 and 4.4.0.0/16 Checkpoint, official IP 24.25.26.27
Need/want to connect over internet using the official IP using VPNs.
We seem to have awoken the strange gods of VPNs, and get security associations using proxy IDs
using four VPNs:
st0.2 proxy 1.1.0.0 to 3.3.0.0
st0.3 proxy 2.2.0.0 to 3.3.0.0
st0.4 proxy 1.1.0.0 to 4.4.0.0
st0.5 proxy 2.2.0.0 to 4.4.0.0
And using any/any/any policies I can get traffic across the first and third, using static routes like
route 3.3.0.0 next-hop st0.2
route 4.4.0.0 next-hop st0.4
Coming from a ScreenOS background, I thought it would be a not terribly difficult matter to build source routing
steering traffic from 2.2.0.0 to the odd-numbered interfaces, but I am stumped.
Do I use policy-filter, routing policies or something else?
How would such a solution look?
(Keep in mind, there are actually more than two nets in each direction, but not very many more (3 and 8).)
Thankful for any help,
Tommy