I upgraded to firmware v.6.1.0r5.0 with no change to my problem.
With the ADSL interface and the bgroup both in the same (non-default) vrouter, there is no internet access. Even if I make the new vrouter the default router there is no access. If I route to the new vrouter from the default using next hop new vrouter, there is no internet access. The only way to get the DSL to work is to place it in the default original vrouter, which I am trying to avoid for reasons discussed earlier.
The only session activity I see when the bgroup and ADSL interfaces are in the new vrouter together is an attempt to make a DNS request as follows:
id 7374/s**,vsys 0,flag 00000040/0000/0001,policy 22,time 1, dip 0 module 0
if 9(nspflag 800801):192.168.201.100/57168->68.94.156.1/53,17,000bcd35eb14,sess
token 19,vlan 0,tun 0,vsd 0,route 1
if 21(nspflag 2800):192.168.201.100/57168<-68.94.156.1/53,17,000000000000,sess
token 17,vlan 0,tun 0,vsd 0,route 153
Here is the routing table for the new vrouter:
IPv4 Dest-Routes for <internet-vr> (5 entries)
--------------------------------------------------------------------------------
------
ID IP-Prefix Interface Gateway P Pref Mtr
Vsys
--------------------------------------------------------------------------------
------
* 153 0.0.0.0/0 adsl2/0 99.189.55.254 C 0 1
Root
* 1 192.168.201.0/24 bgroup0 0.0.0.0 C 0 0
Root
* 2 192.168.201.1/32 bgroup0 0.0.0.0 H 0 0
Root
* 152 99.189.55.22/32 adsl2/0 0.0.0.0 H 0 0
Root
* 151 99.189.55.22/32 adsl2/0 0.0.0.0 C 0 0
Root
ssg20->
Here is the policy to access the Untrust-2 ADSL from Trust-2 bgroup0:
22 Trust-2 Untrust-2 Any Any ANY Permit e
nabled ---XXX
Here are the interfaces:
ssg20-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN
State VSD
serial0/0 0.0.0.0/0 Null N/A -
D -
eth0/0 0.0.0.0/0 Untrust 0017.cbea.0040 -
D -
eth0/1 0.0.0.0/0 DMZ 0017.cbea.0045 -
D -
bgroup0 192.168.201.1/24 Trust-2 0017.cbea.0049 -
U -
eth0/2 N/A N/A N/A -
U -
bgroup1 192.168.200.1/24 Trust 0017.cbea.004a -
U -
eth0/3 N/A N/A N/A -
U -
bgroup2 192.168.202.1/24 Trust 0017.cbea.004b -
U -
eth0/4 N/A N/A N/A -
U -
bgroup3 0.0.0.0/0 Trust 0017.cbea.004c -
D -
serial1/0 0.0.0.0/0 Untrust N/A -
U -
serial1/0.1 64.216.165.118/30 Untrust N/A -
U -
adsl2/0 99.189.55.22/32 Untrust-2 0017.cbea.0055 -
U -
vlan1 0.0.0.0/0 VLAN 0017.cbea.004f 1
D -
null 0.0.0.0/0 Null N/A -
U 0
ssg20->
I am not sure what to try next other than to open a case with Juniper. Any thoughts are appreciated. Thanks.