Routing
Highlighted
Routing

Asymmetric routing possible stateful inspection issue

‎07-16-2010 04:16 AM

Hi

 

I hope this is the right forum for this question.

 

I have just deployed a second J4350 connecting to an Intranet using BGP. This is our second router to connect to this Intranet. The first J4350 is running ver8 Junos and the new router is running ver 10 code. We have deployed EX3200 and SRX 210 connecting back to each J4350.

 

When connecting to both users had difficulties connecting to Internet web sites via the Intranet. I decreased the local-preference to the newer J4350 and it all seemed to work until one customer could connect to one website hosted on the Intranet but not another even though both are on the same subnet. I believe the issue is asymmetric routing i.e. the outbound path is via the older J4350 but the return path is via the newer one and that the inherent firewall in Junos 10 is killing the connection.

 

Has anyone seen this with J4350?

Is it possible top run the 4350 as a plain old router?

 

Any comments welcomed

 

thanking you in advance

 

Aindriu

4 REPLIES 4
Highlighted
Routing

Re: Asymmetric routing possible stateful inspection issue

‎07-16-2010 07:37 AM

Hi,

 

> Is it possible top run the 4350 as a plain old router?

 

Configuration for Junos with Enhanced Services to behave as Junos in Router Context

http://kb.juniper.net/index?page=content&id=KB11963

 

Understanding and Changing Secure and Router Contexts

http://www.juniper.net/techpubs/software/junos-security/junos-security10.0/junos-security-admin-guid...

 

Should help if it's the only problem there,

jtb

Routing

Re: Asymmetric routing possible stateful inspection issue

‎07-16-2010 08:45 AM

 Hi jtb

 

Thank you very much for the prompt response and for those references. Is there a particular reason why the routermode config is added in override. Can the changes not be added to the existing config? Or is it just best practice?

 

Regards

 

Aindriu

Highlighted
Routing
Solution
Accepted by topic author Hiber
‎08-26-2015 01:27 AM

Re: Asymmetric routing possible stateful inspection issue

‎07-16-2010 10:31 AM
Hi Aindriu,

no problem with just changing your current config. Follow the route mode config settings.

jtb
Highlighted
Routing

Re: Asymmetric routing possible stateful inspection issue

‎07-22-2010 06:27 AM

Hi jtb

 

That worked fine. No problems implementing just the firewall/security portions of the routermode config. And the issue with accessing websites was resolved.

 

Thanks for your help

Aindriu

Feedback