Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I have an SSG320M-SH (ScreenOS 6.1R2) that I am using for establishing BGP sessions with two different peers. Each peer has a different Private AS# assigned to me (65516 and 64875). I can't assign two different ASes to my firewall, so how do I advertise a different AS# to each of these peers?
DK
Hi, the only way that I know to configure various AS# to diferent peers it's to configure a Virtual Router per AS.
One you configure the other VR you can assing an AS different than the other.
Regards.
Thank you. I kind of figured out that I would need multiple VRs in order to assign multiple AS#s. But how do I share routing information from my multiple (BGP) VRs with my Trust VR? I will be routing traffic from my trust VR to these BGP peer networks, so I want to ensure that my Trust VR knows how to get to the networks at each of these BGP peers.
Regards,
you can export routing information from a vr to trust-vr by creating using the "export-to vrouter" commands
combine this with an access-list/route-map and you will have control over what you want to export to trust-vr
To do that you need to add import or export rules on the VRs. This are configured on the virtual router configuration page.
This KB article explain all the necesary steps.
http://kb.juniper.net/KB5942
Thaks again. I overlooked the Import/Export rules page in the GUI configuration. I think I have only used multiple virtual routers on one of these devices one other time.
Thanks again for the assistance.