SRX Services Gateway
Highlighted
SRX Services Gateway

Configuration guide needed for dual WAN interfaces on SRX650

‎04-20-2011 10:10 AM

Hi,

 

We are in the middle of configuring dual WAN interfaces, but I need some help.

 

I went through this link http://kb.juniper.net/InfoCenter/index?page=content&id=KB15545&smlogin=true, but our scenario is slightly different.

 

We do not need failover. The secondary WAN (Lan Extension) is basically for intensive network traffic such as database backup, which is between our COLO environment and our main office.

 

For example, let's say a storage device with IP 192.168.1.1 behind the SRX needs to going through this secondary WAN to reach another storage device with IP 172.16.1.1 behind our main network.

 

Since these two environments are the next hop for each other, I know all I need might be just static route. But I have consulted with Juniper engineer, and I was confirmed that firewall filter and routing instance is also needed in this case.

 

Anyone has any related document?

 

Thanks,

 

Jimmy

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Configuration guide needed for dual WAN interfaces on SRX650

‎04-20-2011 12:46 PM

Well, it depends. If what you need to do is route to your colo and reach a defined subnet there, then it's really "just another interface" as far as SRX is concerned, and a destination route is all you need.

 

You say you don't need failover, and if you don't need a 2nd default route, KB 15545 would not be necessary. Otherwise, yes, KB 15545 would be your template that you can adjust to your needs.

 

Keep in mind that DHCP and IKE don't work in routing instances, as well as some other services that initiate from (or terminate on) the SRX itself.

 

Highlighted
SRX Services Gateway

Re: Configuration guide needed for dual WAN interfaces on SRX650

‎04-20-2011 01:13 PM

Thanks,

 

So you are saying all we need is a static route,right? Firewall filter and routing instance is not needed?

Highlighted
SRX Services Gateway

Re: Configuration guide needed for dual WAN interfaces on SRX650

‎04-20-2011 04:43 PM

If your intent is to reach one or more well-defined subnets via this second link, then yes, all you need is a static route. No filter-based forwarding needed.

 

You'll want to make sure that return traffic comes in the same way that your originating traffic left. SRX does not like asymmetric routing at all.

 

Without knowing which networks you are reaching, and what type of WAN links these are, and whether or not you are NATing etc I can't really be specific. But, in a nutshell: Route to your colo through your 2nd WAN link, and make sure traffic _from_ your colo also comes in that 2nd WAN link.