Hello
I have a source-based routing problem that I am trying to get to the bottom of. Here goes…
I have two sites connected by a VPN using two SRX110 firewalls. The link is too slow for the video camera traffic coming from one of the sites, so they have put a wireless link in as well, which I have configured on a separate port on both SRX firewalls. The problem is that the client wants the camera traffic to go over the wireless link and all other traffic to go over the VPN.
I have tried to resolve this by using source-based routing, where the SRX at site A routes all traffic destined for a camera IP address through the wireless route. At the other end, the SRX at site B has a source-based route directing all traffic from the cameras through the wireless route.
Unfortunately I can’t get this to work. Here is the config:
SRX site A:
routing-options {
    static {
        route 0.0.0.0/0 next-hop <Internet gateway>;
        route 10.0.7.15/32 next-hop 192.168.1.11;    # 10.0.7.15 = IP of camera, 192.168.1.11 = IP of remote SRX site B
        route 10.0.7.0/24 next-hop st0.1;
    }
}
SRX site B (where cameras are installed):
show routing-instances
WiFi-Router {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 192.168.1.254;    # IP of remote SRX site A
        }
    }
}
show firewall
family inet {
    filter WiFi-Filter {
        term 0 {
            from {
                source-address {
                    10.0.7.15/32;    # IP of one of the cameras
                }
            }
            then {
                routing-instance WiFi-Router;
            }
        }
        term 1 {
            then accept;
        }
    }
}
filter accept {
    term 0 {
        then accept;
    }
}
show routing-options
interface-routes {
    rib-group inet WiFi-Router;
}
static {
    route 0.0.0.0/0 next-hop at-1/0/0.0;
    route 192.168.2.0/24 next-hop st0.0;
}
rib-groups {
    WiFi-Router {
        import-rib [ inet.0 WiFi-Router.inet.0 ];
    }
}