ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
orant 122
Visitor
orant 122
Posts: 3
Registered: ‎06-15-2011
0
Accepted Solution

OSPF route redistribu​tion

Options

‎05-08-2012 06:42 AM

hi community

 

hope some help !

 

i have 3 SSG320 each one have trust-vr & untrust-vr ,the DR SSG is connected to the others through ospf and its working

fine but after configure redistribu​tion from the connected network in DR-ssg it dosn't showing in routing table in the other SSG320  

 

thanks in advance

Message 1 of 5 (1,489 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008
0

Re: OSPF route redistribu​tion

Options

‎05-08-2012 02:09 PM

Hi Orant,

 

You don't give much details, so some guessing from my side. Your talking just about redistribution in a dual VR config. Did you also configure export from trust-vr to untrust-vr? Are the routes you want to distribute visable in the same vr ospf is running?

 

 

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 2 of 5 (1,484 Views)
 
Reply
orant 122
Visitor
orant 122
Posts: 3
Registered: ‎06-15-2011
0

Re: OSPF route redistribu​tion

Options

‎05-09-2012 12:58 AM

hi screenice

 

thanks for your replay ,yes i think my post not clear

i configure ospf between 3 ssg through the untrust-vr and its working fine ,but when adding and export the connected network in trust-vr to OSPF in untrust-vr it dosen't work .

 

trust-vr conf

set access-list 10 set access-list 10 permit ip 12.0.0.0/24 101

 set access-list 10 permit ip 13.0.0.0/24 102

 set access-list 10 permit ip 14.0.0.0/24 104

 set route-map name "dist" permit 101 set match ip 10

 exit

 set route-map name "dist" permit 102 set match ip 10

exit

set route-map name "dist" permit 103 set match ip 10

 exit

set export-to vrouter "untrust-vr" route-map "dist" protocol ospf

unset add-default-route

 

untrust-vr conf

set vrouter "untrust-vr" set protocol ospf set enable

set area 0.0.0.20

 exit

 set vrouter "untrust-vr"

exit

set interface ethernet0/1 protocol ospf area 0.0.0.20 set interface ethernet0/1 protocol ospf enable set interface ethernet0/1 protocol ospf cost 100



hoping its clear and thanks for advance

 

 



Message 3 of 5 (1,475 Views)
 
Reply
Trusted Contributor
nikolay.semov
Posts: 160
Registered: ‎03-15-2012
0

Re: OSPF route redistribu​tion

Options

‎05-09-2012 04:57 AM

Well, you're exporting only OSPF routes from trust vr to untrust vr. There's no mention on what to do with connected routes.

So, if I understand what you're trying to do correctly, you to 1) export "connected" routes from trust vr to untrust vr (say protocol connected instead of protocol ospf), and 2) in untrust vr redistribute "imported" routes into ospf (you'll need to define access list and route map in there, too).

Also, in your route map, entries 102 and 103 are redundant.
Message 4 of 5 (1,464 Views)
 
Posted from Palm Pre2
Reply
orant 122
Visitor
orant 122
Posts: 3
Registered: ‎06-15-2011
0

Re: OSPF route redistribu​tion

Options

‎05-09-2012 05:29 AM

hi nikolay

 

 

thanks for your replay , i found my mistaks  and working fine now

 

 

 

Message 5 of 5 (1,458 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.