Screen OS

  • 1.  WAN interface is DHCP, the default gateway messes up my routing, any way to ignore or overwrite it?

    Posted 12-11-2009 11:34

    My WAN interface on an SSG5 is DHCP but I want all traffic from this router to go to the tunnel.1 interface.

    When the interface is set to DHCP, it pulls the default gateway which automatically gets put in the routing table as:

    0.0.0.0/0  76.xxx.xxx.xxx

    I want all traffic (except the tunnel traffic) to go to the tunnel, i.e.:

    0.0.0.0/0 tunnel.1

    The problem is any route I create gets trumped by that learned DHCP default route.

    Any way to overwrite this or tell the firewall to ignore the default router?



  • 2.  RE: WAN interface is DHCP, the default gateway messes up my routing, any way to ignore or overwrite it?

    Posted 12-12-2009 11:15

    You can use two different virtual routers. Put your Untrust zone in the untrust-vr virtual router and put all your internal and vpn zones in the trust-vr.

    That way the untrust-vr will get its default route from DHCP so that the vpn connection can be established, while in the trust-vr you can create a default route that points to the tunnel interface.



  • 3.  RE: WAN interface is DHCP, the default gateway messes up my routing, any way to ignore or overwrite it?
    Best Answer

    Posted 12-14-2009 04:57

    Thanks but I'm already using the untrust virtual router to provide a default route for our "Home Use" VLAN.

    What I ended up doing is editing the 'trust-vr' virtual router. (Under Network, Routing, Virtual Routing).

    I changed the default preference of connected network routes to 10.

    Then I created a default route to tunnel.1 with a preference of 5.

    This didn't seem to negatively affect anything else.
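
Added example, not part of the thread and not Juniper code: a small Python model of the route selection behind the accepted fix, showing the default route before and after the preference change. It assumes the ScreenOS default preferences (connected 0, static 20) and, as the fix implies, that the DHCP-learned default is ranked with the connected preference; the addresses and the interface names ethernet0/0 and bgroup0 are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# ScreenOS default route preferences (lower value wins).
DEFAULT_PREFS = {"connected": 0, "static": 20}

@dataclass(frozen=True)
class Route:
    prefix: str
    via: str
    kind: str
    preference: Optional[int] = None  # per-route override, as set on the new default route

def select_route(routes, vr_prefs, dest):
    """Longest matching prefix first; equal prefixes are decided by lowest preference."""
    addr = ipaddress.ip_address(dest)
    def rank(r):
        pref = vr_prefs[r.kind] if r.preference is None else r.preference
        return (-ipaddress.ip_network(r.prefix).prefixlen, pref)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return min(matches, key=rank) if matches else None

# Constructed sample table (documentation address ranges, hypothetical interface names).
BASE = [
    Route("203.0.113.0/24", "ethernet0/0", "connected"),  # WAN subnet
    Route("192.168.1.0/24", "bgroup0", "connected"),      # LAN subnet
    # Assumption: the DHCP-learned default is ranked with the connected preference.
    Route("0.0.0.0/0", "203.0.113.1", "connected"),
]

def before(dest):
    """Stock trust-vr: a plain static default to tunnel.1 (preference 20)."""
    routes = BASE + [Route("0.0.0.0/0", "tunnel.1", "static")]
    return select_route(routes, DEFAULT_PREFS, dest).via

def after(dest):
    """The fix from the thread: connected preference 10, tunnel default at 5."""
    routes = BASE + [Route("0.0.0.0/0", "tunnel.1", "static", preference=5)]
    prefs = dict(DEFAULT_PREFS, connected=10)
    return select_route(routes, prefs, dest).via

if __name__ == "__main__":
    for dest in ("198.51.100.7", "192.168.1.20", "203.0.113.50"):
        print(f"{dest:>14}  before={before(dest):<12} after={after(dest)}")
```

Because prefix length is compared before preference, the directly connected subnets keep their own interfaces after the change; only ties between a connected route and another route for the same prefix are decided differently once the connected preference is raised.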