SRX

Hi guys, 

Got 2 SRX boxes in chassis cluster.. reth0.0 - Internet, reth1.0 Internal.

reth0.0 is in global instance and reth1.0 is in a routing instance. Source-natted out-going traffic from reth1.0 to reth0.0..

i.e. from routing-instance <internal instance> to zone <internet>...but unfortunately not workig..

Want to know if anyoe has tried this.. i.e. nating from a routing-instance to a global instance??

Thnks.

What method of connecting the global routing instance to the internet routing instance are you using?

There are multiple ways to make sure the routes and path are visible to the traffic.

Hi Spuluka,

Currently none. Is leaking of routes from d global table to custom routing instance table necesssary here?

If you want traffic to come into the SRX on one routing instance and leave via another routing instance then you do need to create a connection for this traffic on the device.

By default the routing instances maintain completely separate routing tables and packets cannot go between them unless you create the connection.

You can use three basic methods:

route leaking via rib groups

https://kb.juniper.net/InfoCenter/index?page=content&id=KB19787

logical tunnel interfaces to create a virtual interface connecting the two routing instances

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21260

physical interfaces connected on the device each assigned to the two routing instances

Thanks Spuluka.

It worked!

You should be able to NAT from RI to MI. Look the overlapping subnets configuration and modify it to suite your environment

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21286