SRX Services Gateway

SRX-210 Junos 10.0 setting the default route next-hop

‎01-22-2010 08:11 AM

I should know this by now. I have an SRX-210 demo unit at home. I have cable broadband coming in as my internet connection. I do not have a static IP. My untrusted interface is set to pull its address via DHCP. This is the easy part. Here is the problem: when you set up a default route you must put the next hop address as the gateway, which would be the ISP's gateway router. This is not an issue as long as my IP address doesn't change for some reason; if it does, the next hop could potentially be wrong.

Is there a way to tell the SRX to route out the Untrusted interface without adding the next-hop address, which could change? I tried using the untrusted interface's IP address and the interface name itself (for example, ge-0/0/0) as the gateway, but I kept on getting an error "This is not a point to point link". Anyone know how to get around this? You can do what I am talking about on ScreenOS devices.

10 REPLIES
Re: SRX-210 Junos 10.0 setting the default route next-hop

01-22-2010 11:55 AM

Hello there,

If I understand you correctly, are you saying your SRX is only getting an IP@ via DHCP and nothing else?

Last time I checked, DHCP is also capable of sending router address(es) to clients.

This is DHCP Option 3

http://www.networksorcery.com/enp/protocol/bootp/option003.htm

Rgds

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
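
To check what the reply above describes, the sketch below walks the options field of a DHCP ACK and reports whether Option 3 (Router) is present. It is an added example, not code from the thread or from Juniper; the function names and both sample option fields are constructed for illustration and use documentation addresses.

```python
import ipaddress

PAD, END, ROUTER = 0, 255, 3               # option codes from RFC 2132
MAGIC_COOKIE = bytes([99, 130, 83, 99])    # marks the start of the options field

def parse_options(field: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field):
        code = field[i]
        if code == END:
            break
        if code == PAD:                    # single-byte padding, no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError(f"option {code} truncated before its length byte")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = opts.get(code, b"") + value   # repeated options are concatenated
        i += 2 + length
    return opts

def routers(field: bytes) -> list:
    """Return the Option 3 router addresses, or [] if the server sent none."""
    data = parse_options(field).get(ROUTER, b"")
    if len(data) % 4:
        raise ValueError("option 3 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]

# Constructed sample option fields (not captured traffic).
ACK_WITH_ROUTER = MAGIC_COOKIE + bytes([
    53, 1, 5,                  # message type: DHCPACK
    1, 4, 255, 255, 255, 0,    # subnet mask
    3, 4, 192, 0, 2, 1,        # router: 192.0.2.1
    51, 4, 0, 1, 81, 128,      # lease time: 86400 s
    255])
ACK_WITHOUT_ROUTER = MAGIC_COOKIE + bytes([53, 1, 5, 1, 4, 255, 255, 255, 0, 255])

if __name__ == "__main__":
    for name, field in (("with option 3", ACK_WITH_ROUTER),
                        ("without option 3", ACK_WITHOUT_ROUTER)):
        print(name, "->", routers(field) or "no router offered, so no default route")
```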
Re: SRX-210 Junos 10.0 setting the default route next-hop

01-22-2010 12:05 PM

Yes, I believe there is that DHCP option. What I really want to know is how I can force all of my default traffic out an interface with a static route without having to add a next-hop IP address. My untrusted interface address could change because it gets its address via DHCP, and its gateway may change. If there isn't a way to add a static route with only the egress interface as the "destination", I'm ok with that as well. I will just set up the route with the next-hop IP address.

Solution
Accepted by topic author ScottKovacik
08-26-2015 01:27 AM

Re: SRX-210 Junos 10.0 setting the default route next-hop

01-22-2010 01:12 PM

You should not need a static route. If you configure an interface as a DHCP client, then you will get the default gateway automatically through DHCP. In order to see the route, you would need to type the following command to verify:

> show route forwarding-table

Re: SRX-210 Junos 10.0 setting the default route next-hop

01-22-2010 01:51 PM

I should be able to find the problem starting at the forwarding table. I will post my findings.

Thanks

Re: SRX-210 Junos 10.0 setting the default route next-hop

[ Edited ]
01-24-2010 10:09 AM

Hi Scott

Looks like you have a similar problem to mine:

http://forums.juniper.net/t5/SRX-Services-Gateway/dhcp-client-can-t-get-default-route-in-created-vir...

I can get the default route if my interface is in the default router, but if I move it to a custom created virtual router, then I can only get an IP.

Re: SRX-210 Junos 10.0 setting the default route next-hop

01-24-2010 02:26 PM

I know it isn't the exact answer to the question, but there is a way to set a static route to a dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, Google's DNS server?) and the next hop will be resolved. Personally I'm not fond of this feature, but it can become handy.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Re: SRX-210 Junos 10.0 setting the default route next-hop

01-24-2010 10:02 PM

Screenie wrote:

I know it isn't the exact answer to the question, but there is a way to set a static route to a dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, Google's DNS server?) and the next hop will be resolved. Personally I'm not fond of this feature, but it can become handy.


Yes, you can use "resolve" to accomplish that, but only if there is a specific route to the 8.8.8.8/32 prefix in your example.

If the only route in the SRX routing table is a connected one or 0/0 supplied via DHCP, the "set routing-options static route 0/0 next-hop 8.8.8.8 resolve" won't work. The reason is that a non-direct next-hop for a static route must be resolved via a more specific route than the static one being configured. This is to prevent a recursive resolution loop.

Anyway, I think that if DHCP Option 3 is supplied in DHCP ACK then there is nothing to worry about, the 0/0 route will be installed. If not then there is a problem.

Rgds

Alex
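
The resolution rule stated in the reply above can be modelled in a few lines. This is an added example, not code from the thread and not Junos's actual resolver: it only encodes the rule as written (an indirect next-hop must be covered by a route more specific than the static route being configured), and the function name, route tables and 198.51.100.0/24 addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def resolve_static(table, static_prefix, next_hop):
    """Return (prefix, via) of the route that resolves next_hop, or None.

    table is a list of (prefix, via) pairs already active in the routing
    table; via is an interface name or a directly connected gateway.
    Only routes MORE specific than static_prefix may resolve its next-hop,
    which is what keeps a 0/0 route from resolving through another 0/0.
    """
    static, hop = ip_network(static_prefix), ip_address(next_hop)
    usable = [(ip_network(p), via) for p, via in table
              if hop in ip_network(p)
              and ip_network(p).prefixlen > static.prefixlen]
    if not usable:
        return None                       # static route cannot become active
    net, via = max(usable, key=lambda r: r[0].prefixlen)   # longest match wins
    return str(net), via

# Constructed routing tables (hypothetical addressing).
# Case from the thread: only the connected subnet and the DHCP-learned 0/0.
DHCP_ONLY = [
    ("198.51.100.0/24", "ge-0/0/0.0"),    # connected route on the untrust port
    ("0.0.0.0/0", "198.51.100.1"),        # default route learned via DHCP
]
# Same table plus the specific /32 the reply says "resolve" would need.
WITH_HOST_ROUTE = DHCP_ONLY + [("8.8.8.8/32", "198.51.100.1")]

if __name__ == "__main__":
    cases = [
        ("only connected + DHCP 0/0", DHCP_ONLY, "8.8.8.8"),
        ("with 8.8.8.8/32 present", WITH_HOST_ROUTE, "8.8.8.8"),
        ("directly connected gateway", DHCP_ONLY, "198.51.100.1"),
    ]
    for label, table, hop in cases:
        result = resolve_static(table, "0.0.0.0/0", hop)
        print(f"{label}: next-hop {hop} ->", result or "unresolved")
```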

Re: SRX-210 Junos 10.0 setting the default route next-hop

01-25-2010 02:22 PM

Thanks for making this clear Alex!

best regards,

Screenie.

Re: SRX-210 Junos 10.0 setting the default route next-hop

[ Edited ]
03-01-2010 09:02 AM

Thanks John, part of the issue was DHCP and I was able to verify what was being sent to me using "show route forwarding-table". Also, I wiped out the default NAT settings when I factory reset the firewall. Once I reconfigured the firewall I was able to route correctly. Thanks everyone!!!

Re: SRX-210 Junos 10.0 setting the default route next-hop

09-29-2010 04:12 AM

Do you mind posting your configuration?

I would like to have a reference for my setup.

I can ping the outside, i.e. www.google.com, from the SRX, but the clients are not able to.