SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Problem of access website with dual ISP

    Posted 05-28-2012 08:24

    I hope someone can help me, because I reviewed the configuration and I can't find the failure..I am using a SRX240 with release 10.4r9.2, I have a website in internet, this server connect to internet via ISP1, the guests users connect to internet via ISP2, I am using a routing instance to redirect the traffic in dual ISP, when some guest user try to access my website is unreachable, but they can access to all websites, I have a policies that permit traffic between both zones, if I connect to guest users to another device they can reach the website

    I review policies that allows traffic between the zones

    Any idea what is my problem??
    .
    Thanks



  • 2.  RE: Problem of access website with dual ISP

    Posted 05-29-2012 05:53

    Hi,

     

    It seems that u have asymmetric routing here traffic exit from ISP2 and return back from ISP1. we already sure that traffic comes from ISP1 as you mentioned so we have to check outgoing traffic from which link.

     

    Could you try show route table <routing-instance-name> <website-IP-address> and see it is reachable via ISP1 or ISP2

     

    Regards,

     

    Mohamed Elhariry

     

    JNCIE-M/T # 1059, CCNP & CCIP

     

    ----------------------------------------------------------------------------------------------------------------------------------------

    If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!



  • 3.  RE: Problem of access website with dual ISP

    Posted 06-03-2012 22:43

    I am having the same issue and it is preventing me from FTP and accessing the SRX and my computer sits behind ge-0/0/0.

     

    The FBF works and I can surf the interent but anything else fails.  Do you have any other suggestions.

    The tech are saying I need to setup VR instead of FBF.  



  • 4.  RE: Problem of access website with dual ISP

    Posted 08-17-2012 10:16

    Hi Yipster222,

     

    Maybe this information can you help, I read in blogs about have configured policies to zone junos-host which protect to traffic from the self device, I tried to test but I still the problem, I am reviewing my configuration if is correct, maybe you can try apply this policies to resolve your issue, to made this configuration is necessary update to the release 11.4

     

    Regards



  • 5.  RE: Problem of access website with dual ISP
    Best Answer

    Posted 10-10-2012 18:22

    Hi all,

     

    The issue was resolved by JTAC with the next step:

     

    # Interface-routes & rib-groups are used to exchange the directly connected routes among the routing-instances.

    # In your case the forwarding-type routing-instance was receiving the routes of Public_IP_Address subnet via ge-0/0/1.

    # In order to make sure that the route lookup for the traffic coming from Guest_subnet subnet would lead to ISP-2, I deactivated the rib-groups containing interface-routes & put ge-0/0/2 in a separate routing-instance of virtual-type.