Hey All,
Quick question which im sure will be aswered quickly.
I have an SSG-5 with Two VR's configured. Each VR has its own internet connection and default gateway setup. The Inside Interface is connected to the Trust-VR.
I want the internet traffic to always go through the Untrust VR unless that internet is down in which case the traffic should flow out the Trust-VR
(Typically I do this the other way around and its super easy meaning all internet goes out Trust-VR and only on failure does it go to Untrust).
anyyyyyway. The issue is that I have to put a static 0.0.0.0/0 pointing to Untrust-VR in my Trust VR in order for the internet to flow into the Untrust-VR. This means that even if the default route in Untrust-VR goes down my static stays alive and keeps sending the traffic into a dead VR (Untrust-VR).
Is there a way I can dymicly remove the route pointig to the Untrust VR when the default route in Untrust-VR dies ( I dont want to use OSPF for specific reasons). I think the SSG have some sort of built in special redistribute rules.
anyway heres a quick look at the routing table 192.168.0.0/24 is the internal subnet
*********DIAGRAM because what I wrote is confussing as H*LL*************
Untrust-VR
* 0.0.0.0/0 next-hop 5.5.5.5 (ISP Gateway) Static
* 192.168.0.0/24 next-hop Trust-VR Static
Trust -VR
* 0.0.0.0 next-hop Untrust-VR cost 10 Static <--------- This is the route that never dies : (
0.0.0.0 next-hop 6.6.6.6 (ISP Gateway) cost 20 Static <---- Never kicks in because the static is always alive
* 192.168.0.0/24 next-hop LOCAL
THANKS!
Magraw