SRX210 with Dual ISP

Piccolo · ‎07-24-2009

hi,

how can i make this to work ?

client1 lan -> isp1

client2 lan -> isp2

i have set the following :

set routing-options static route 0.0.0.0/0 next-hop isp1

set routing-options static route 0.0.0.0/0 next-hop isp2

then i have tried with snat rules, but but clients goes or isp1 or isp2 .....

please help....

wimclend · ‎04-03-2009

the easiest method would probably be by using virtual routers inside the SRX.

since its the SRX, you will also have to create some zones for each VR (I dont believe zones can transcend VR's ie zone 'trust' cant have interfaces in two different virtual routers I dont think)

and then in each routing instance at your static default route to the required next-hop

Piccolo · ‎07-24-2009

thanks,

i haved tried to set up virutal routers, but with no result. (i wasn`t able....)

could anyone please provide a sample of routing instances, virtual routers ?

i`m a junos newbee ...

tnhphuong · ‎07-25-2008

Using Filter Based Forwading the same name Policy based routing (screenOS).

BlazP · ‎11-05-2009

You can't have two active 0.0.0.0/0 routes in same routing instance.

I solved exact same problem with this:

http://forums.juniper.net/t5/SRX-Services-Gateway/Policy-based-routing-and-source-routing-on-srx210/...

Yipster222 · ‎02-24-2009

Look at KB 15545

layard · ‎12-06-2009

you can create two routing instances

### Routing Instances ###

routing-instances {
    Instance-ISP1 {
        routing-options {
            static {
                route 0.0.0.0/0 next-hop <ISP1_router_IP>;
            }
        }
    }

routing-instances {
    Instance-ISP2 {
        routing-options {
            static {

                route 0.0.0.0/0 next-hop <ISP2_router_IP>;
            }
        }
    }

### Firewall Filters ###

firewall {
    family inet {
        filter ISP-Filter {
            term TO-ISP1 {
                from {
                    source-address {
                        <client1_IP_Address/32>;
                    }
                }
                then {
                    routing-instance Instance-ISP1;
                }
            }

           term TO-ISP2 {
                from {
                    source-address {
                        <client2_IP_Address/32>;
                    }
                }
                then {
                    routing-instance Instance-ISP2;
                }
            }

term default {
then accept;
}

}

### Apply the filter to the LAN interface, Supose that the LAN interface is the ge-0/0/0 ###

ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input ISP-Filter;
                         }
                address <interface_IP_Address/24>;
            }
        }
    }

### import all rib ###

routing-options {
    interface-routes {
        rib-group inet default;
    }
    rib-groups {
        default {
            import-rib [ inet.0 Instance-ISP1.inet.0 Instance-ISP2.inet.0 ];
        }
    }

}

#####################

It should work!

LT

SRX210 with Dual ISP

Re: SRX210 with Dual ISP

Re: SRX210 with Dual ISP

Re: SRX210 with Dual ISP

Re: SRX210 with Dual ISP

Re: SRX210 with Dual ISP

Re: SRX210 with Dual ISP