Screen OS

  • 1.  Two wan connections, want one for internet and other for VPN

    Posted 01-22-2011 08:26

    I have set up two internet connections to an SSG 5. I set up two equal cost default routes, which seems to be the only way I can get both interfaces active at once.

    I have ethernet0/0 using ISP1 and ethernet0/6 using ISP2. I have the VPN terminating on e0/6 and that is working. But I am trying to set the other as internet only, but it seems the equal cost 0.0.0.0/0 is balancing the traffic.

  • 2.  RE: Two wan connections, want one for internet and other for VPN
    Best Answer

    Posted 01-22-2011 15:40

    You are correct that when you have two default routes in the same vrouter they get treated as a round robin and balance the traffic between the two interfaces.  You have two options to set up all internet traffic going out the one and using the other for VPN.

    Use policy based routing to forward the web related traffic from your internal segment to the desired connection.

    Create two vrouters so that each only has one default route for their respective circuit. Then put your internal segment onto the vrouter with the circuit you want to use for the internet.  And then create the tunnel to the second vrouter and set up internal routes between the two vrouters for it to reach the final destination network on the first vrouter.
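
Added example, not part of either post and not ScreenOS configuration: a simplified Python model of route lookup that contrasts the single-vrouter setup from the question with the two-vrouter design from the answer. The subnets, the `vpn-vr` name, the `bgroup0` internal interface, and the route-based `tunnel.1` are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from itertools import count

REMOTE = "10.20.0.0/16"   # constructed: subnet behind the VPN peer
LAN = "192.168.1.0/24"    # constructed: internal segment

class VRouter:
    """Simplified model of one virtual router's route table."""
    def __init__(self, name):
        self.name, self.routes, self._rr = name, [], count()

    def add(self, prefix, egress):
        # egress: interface name, or another VRouter for an inter-vrouter route
        self.routes.append((ipaddress.ip_network(prefix), egress))

    def lookup(self, dst, hops=0):
        if hops > 4:
            raise RuntimeError("inter-vrouter routing loop")
        addr = ipaddress.ip_address(dst)
        hits = [(n, e) for n, e in self.routes if addr in n]
        if not hits:
            return None
        best = max(n.prefixlen for n, _ in hits)           # longest prefix wins
        ties = [e for n, e in hits if n.prefixlen == best]
        # equal-cost routes are used in turn (round robin), as the answer describes
        egress = ties[next(self._rr) % len(ties)] if len(ties) > 1 else ties[0]
        if isinstance(egress, VRouter):
            return egress.lookup(dst, hops + 1)
        return (self.name, egress)

def single_vr():
    vr = VRouter("trust-vr")
    vr.add("0.0.0.0/0", "ethernet0/0")    # ISP1
    vr.add("0.0.0.0/0", "ethernet0/6")    # ISP2, same cost: traffic is split
    vr.add(REMOTE, "tunnel.1")
    return vr

def two_vr():
    inet, vpn = VRouter("trust-vr"), VRouter("vpn-vr")
    inet.add(LAN, "bgroup0")              # internal segment lives here
    inet.add("0.0.0.0/0", "ethernet0/0")  # the only default: ISP1
    inet.add(REMOTE, vpn)                 # VPN-bound traffic goes to the second vrouter
    vpn.add("0.0.0.0/0", "ethernet0/6")   # ISP2 carries the tunnel to the peer
    vpn.add(REMOTE, "tunnel.1")
    vpn.add(LAN, inet)                    # return path to the internal segment
    return inet

def egress_counts(vr, dsts):
    return Counter(vr.lookup(d)[1] for d in dsts)
```
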