SRX Services Gateway
Highlighted
SRX Services Gateway

SRX unable to reach internet - Routing Instances

[ Edited ]
‎05-16-2017 08:04 AM

Hello I am running an SRX firewall on which routing instances of type "virtual-router" are configured.

The LAN users can connect properly to the internet, however the SRX itself is not.

My topology includes two internet links.

 

Following is the routing configuration:

 

Interfaces{

reth1 {
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
}

unit 192 {
description Data;
vlan-id 192;
family inet {
address 192.168.1.15/24;
}
}

reth2 {
description Mobily-Link; ##ISP1
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
address y.y.y.94/30;
}
}
}
reth3 {
description Nournet-Link;##ISP2
redundant-ether-options {
redundancy-group 1;
}
unit 0 {
family inet {
filter {
}
address x.x.x.178/29;
}
}

 

routing-options {
interface-routes {
rib-group inet IMPORT-LAN;
}
static {
rib-group IMPORT-LAN;
route 10.10.10.0/24 next-hop 192.168.1.21;
route 10.10.11.0/24 next-hop 192.168.1.21;
route 10.10.12.0/24 next-hop 192.168.1.21;
route 10.10.13.0/24 next-hop 192.168.1.21;
route 10.10.30.0/24 next-hop 192.168.1.21;
route 10.10.50.0/24 next-hop 192.168.1.21;
route 10.10.60.0/24 next-hop 192.168.1.21;
route 10.10.70.0/24 next-hop 192.168.1.21;
route 10.10.15.0/24 next-hop 192.168.1.21;
}
rib-groups {
IMPORT-LAN {
import-rib [ inet.0 MOBILY.inet.0 NOURNET.inet.0 ];
}
IMPORT-NOURNET-MOBILY {
import-rib [ NOURNET.inet.0 MOBILY.inet.0 ];
import-policy Import-to-MOBILY;
}
IMPORT-MOBILY-NOURNET {
import-rib [ MOBILY.inet.0 NOURNET.inet.0 ];
import-policy Import-to-NOURNET;
}
}
forwarding-table {
indirect-next-hop;
}
}

 

policy-options {
policy-statement Import-to-MOBILY {
term 1 {
from {
route-filter x.x.x.176/29 exact;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement Import-to-NOURNET {
term 1 {
from {
route-filter y.y.y.92/30 exact;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement MasterImport {
from instance master;
then accept;
}
}

 

services {
rpm {
probe Probe-Nournet-Link {
test test-1 {
probe-type icmp-ping;
target address 8.8.8.8;
probe-count 5;
probe-interval 1;
test-interval 2;
thresholds {
successive-loss 2;
total-loss 4;
}
destination-interface reth3.0;
next-hop x.x.x.177;
}
}
probe Probe-Mobily-Link {
test test-2 {
probe-type icmp-ping;
target address 8.8.8.8;
probe-count 5;
probe-interval 1;
test-interval 2;
thresholds {
successive-loss 2;
total-loss 4;
}
destination-interface reth2.0;
next-hop y.y.y.93;
}
}
}


}
ip-monitoring {
policy NOURNET-Fail {
match {
rpm-probe Probe-Nournet-Link;
}
then {
preferred-route {
routing-instances NOURNET {
route 0.0.0.0/0 {
next-hop y.y.y.93;
}
}
}
}
}
policy MOBILY-Fail {
match {
rpm-probe Probe-Mobily-Link;
}
then {
preferred-route {
routing-instances MOBILY {
route 0.0.0.0/0 {
next-hop x.x.x.177;
}
}
}
}
}
}
}

 

 

Thank you in advance.

2 REPLIES 2
Highlighted
SRX Services Gateway

Re: SRX unable to reach internet - Routing Instances

‎05-16-2017 10:45 PM

Hi,

 

i'm not see any default route configured in your routing-instance and also in the main table.

 

 

Thanks

Highlighted
SRX Services Gateway

Re: SRX unable to reach internet - Routing Instances

‎05-17-2017 01:44 AM

Can you share "show route 8.8.8.8" aand "show route forwarding-table destination 8.8.8.8"

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too