SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
ScottKovacik
Contributor
ScottKovacik
Posts: 22
Registered: ‎01-23-2009
0
Accepted Solution

SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-22-2010 08:11 AM

I should know this by now. I have an SRX-210 demo unit at home. I have cable broadband coming in as my internet connection. I do not have a static IP. My untrusted interface is set to pull it's address via DHCP. This is the easy part. Here is the problem, when you set up a default route you must put the next hop address as the gateway, which would be the ISPs gateway router. This is not an issue as long as my IP address doesn't change for some reason, if it does the next hop could potentially be wrong.

 

Is there a way to tell the SRX to route out the Untrusted interface without adding the next-hop address which could change? I tried using the untrusted interfaces IP address and the interface name itself example - ge-0;/0/0 as the gateway but I kept on getting an error "This is not a point to point link" Anyone, know how to get around this? You can do what I am talking about on ScreenOS devices.

Message 1 of 11 (33,168 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,180
Registered: ‎08-21-2009

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-22-2010 11:55 AM

Hello there,

If I understand you correctly, are you saying your SRX is only getting an IP@ via DHCP and nothing else?

Last time I checked, DHCP is also capable of sending router address(es) to clients.

This is DHCP Option 3

http://www.networksorcery.com/enp/protocol/bootp/option003.htm

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 2 of 11 (33,158 Views)
 
Reply
ScottKovacik
Contributor
ScottKovacik
Posts: 22
Registered: ‎01-23-2009
0

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-22-2010 12:05 PM

Yes, I believe there is that DHCP option. What I really want to know is how I can force all of my default traffic out an interface with a static route without having to add a next-hop IP Address? My untrusted interface address could change because it gets it's address via DHCP and it's gateway may change. If there isn't a way to add a static route with only the egress interface as the "destination", I'm ok with that as well. I will just set up the route with the next-hop IP address.

Message 3 of 11 (33,150 Views)
 
Reply
John_Burns
Contributor
John_Burns
Posts: 14
Registered: ‎06-10-2009

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-22-2010 01:12 PM

You should not need a static route. If you configure an interface as a dhcp client then you will get the default gateway automatically through dhcp. In order to see the route you would need to type the following command to verify

 

>show route forwarding-table

Message 4 of 11 (33,142 Views)
 
Reply
ScottKovacik
Contributor
ScottKovacik
Posts: 22
Registered: ‎01-23-2009
0

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-22-2010 01:51 PM

I should be able to find the  problem starting at the forwarding table. I will post my findings.

 

Thanks

Message 5 of 11 (33,135 Views)
 
Reply
MichaelZhao
Contributor
MichaelZhao
Posts: 12
Registered: ‎10-20-2009

Re: SRX-210 Junos 10.0 setting the default route next-hop

[ Edited ]
Options

‎01-24-2010 10:09 AM - edited ‎01-24-2010 10:11 AM

Hi Scott

 

Looks you have the similar problem as mine:

 

http://forums.juniper.net/t5/SRX-Services-Gateway/dhcp-client-can-t-get-default-route-in-created-vir...

 

I can get the default route if my interface in the default router, but if I move it to a custom created virtual router, then I can only get an IP.

Message 6 of 11 (33,048 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-24-2010 02:26 PM

I know it isn't the exact answer to the question, but there is a way to set a static route to dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, google's dns server ?) and the next hop will be resolved. Personally I'm not fond of rhis feature, but ir can become handy.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 7 of 11 (33,036 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,180
Registered: ‎08-21-2009

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-24-2010 10:02 PM

Screenie wrote:

I know it isn't the exact answer to the question, but there is a way to set a static route to dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, google's dns server ?) and the next hop will be resolved. Personally I'm not fond of rhis feature, but ir can become handy.

Yes you can use "resolve" to accomplish that but only if there is a specific route to 8.8.8.8/32 prefix in Your example.

If the only route in SRX routing table is  a connected one or 0/0 supplied via DHCP, the "set routing-options static route 0/0 next-hop 8,8,8,8 resolve" won't work.  The reason is that non-direct next-hop for a sttaic route must be resolved via more specific route than the static one being configured. This is to prevent recursive resolution loop.

Anyway, I think that if DHCP Option 3 is supplied in DHCP ACK then there is nothing to worry about, the 0/0 route will be installed. If not then there is a problem.

Rgds

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 8 of 11 (33,026 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008
0

Re: SRX-210 Junos 10.0 setting the default route next-hop

Options

‎01-25-2010 02:22 PM

Thanks for making this clear Alex!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 9 of 11 (32,989 Views)
 
Reply
ScottKovacik
Contributor
ScottKovacik
Posts: 22
Registered: ‎01-23-2009
0

Re: SRX-210 Junos 10.0 setting the default route next-hop

[ Edited ]
Options

‎03-01-2010 09:02 AM - edited ‎03-01-2010 09:03 AM

Thanks John, part of the issue was DHCP and I was able to verify what was being sent to me using the "show route forwarding-table. Also, I wiped out the default NAT settings when I factory reset the firewall. Once I reconfigured the firewall I was able to route correctly. Thanks everyone!!!

Message 10 of 11 (31,995 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.