03-09-2010 11:23 AM - edited 03-09-2010 06:13 PM
Hello All,
I am configuring my first SRX cluster, and have a question about setting the system default router and routing for the reth interfaces.
I have used the SRX650 Cluster KB15503 and TN79 as my guides for the base setup. However, it is unclear to me, given my environment (shown in the attached JPG), how to set the system backup-router statements for the nodes.
Should the system backup-router statement (as shown in TN79) be configured with the IP address of the EX4200VC (10.x.x.20/22 in the diagram)?
Do I need a separate VR to contain the routing for the reth 0.0 network to ensure proper routing for the machines in the Trust Zone?
Any suggestions would be greatly appreciated.
03-09-2010 04:10 PM
JPG is missing, please attach.
thanks
raheel
03-18-2010 09:07 PM
Firstly, the backup-router statement only applies to the secondary node for RG0, as the secondary does not own rpd and thus cannot perform route lookup. If managing from the 10.x.x.x/22 network, then the backup-router statement is not needed. But if managing from a remote network, then you would need backup-router configuration. Based on your diagram, you would configure something like below:
set system backup-router 10.x.x.20 destination <remote-ip-subnet>
Also, since your trust network seems to overlap your fxp0 network, you will need to have the reths in a separate virtual router type routing-instance. Just remember that you cannot terminate an IPSec tunnel from an interface in a routing-instance at this time.
-Richard
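A sketch of the configuration the reply above describes, added here as an illustration and not taken from the thread or from Juniper's documents. The address 10.x.x.20 and reth0.0 come from the thread; the instance name TRUST-VR, the second interface reth1.0 and the values in angle brackets are assumptions to be replaced.

```junos
# Added example; values in <> are placeholders, TRUST-VR and reth1.0 are assumed names.

# Management plane (fxp0): the RG0 secondary node runs no rpd, so it needs
# a backup-router to reach a remote management subnet via the EX4200VC.
set system backup-router 10.x.x.20 destination <remote-ip-subnet>

# Data plane: place the reth interfaces in a virtual-router instance so the
# trust network that overlaps fxp0 is looked up in its own routing table
# (TRUST-VR.inet.0) instead of inet.0, where the fxp0 network lives.
set routing-instances TRUST-VR instance-type virtual-router
set routing-instances TRUST-VR interface reth0.0
set routing-instances TRUST-VR interface reth1.0
set routing-instances TRUST-VR routing-options static route 0.0.0.0/0 next-hop <upstream-gateway>
```

After the commit, `show route table TRUST-VR.inet.0` should list the reth networks, while `show route table inet.0` keeps the fxp0 network.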
03-20-2010 05:18 AM
What if I am not using an overlapping network for the fxp's, but a remote network has to be reached which isn't reachable by any forwarding interface (fxp 172.16.0.1-2/24, nsm 192.168.168.1/24)?
The passive node's RE will be reachable but the first node will not (because the working active RE doesn't know 192.168.168.1 and will send it to the default route).
I am doing a POC and have been facing this issue recently.
erdinc