SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  dual ISP scenario

    Posted 06-22-2011 04:48

    Hello! I'm trying to set up ISP on an SRX100 following this scenario: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223&actp=search&viewlocale=en_US&searchid=1294708451673&smlogin=true. The script works, but after I turn on the filter on the vlan.0 interface, I cannot access the router via ssh or via the web, not from the local network. Perhaps something is not finished in this scenario?



  • 2.  RE: dual ISP scenario

    Posted 06-22-2011 16:00

    Hi,

    in this example the traffic is forwarded to the different routing instances..., with port 22, 3389, 8080...

    Please take a look at the filter mentioned in this example....

    Traffic 22, 3389, 8080 is forwarded to ISP2...

    the other traffic is forwarded to ISP1

    where is your "router" located, on which ISP?

    Regards



  • 3.  RE: dual ISP scenario

    Posted 06-22-2011 20:23

    I use a different criterion to select the ISP. In the filter, instead of destination-port I specify source-address. I.e., I need some IP addresses to be routed through one ISP, and the rest through another. Why, then, can I not access the router?



  • 4.  RE: dual ISP scenario

    Posted 06-22-2011 22:16

    I have a similar problem, so I gave up on this decision until



  • 5.  RE: dual ISP scenario
    Best Answer

    Posted 06-24-2011 04:29

    Problem solved. The ssh port must be defined in the filter. By default, when the filter does not find a match, it drops the packets.
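
The fix from the best answer, written out as an added example (not the poster's configuration and not the KB article's). The filter name `isp-select`, the routing-instance names `isp1` and `isp2`, the LAN address 192.168.1.1 on vlan.0 and the 192.168.1.64/26 source range are assumptions. A Junos firewall filter ends with an implicit discard, so management traffic to the router needs its own accepting term ahead of the forwarding terms.

```junos
# Constructed example; names and addresses are assumptions:
#   router LAN address on vlan.0 : 192.168.1.1
#   hosts that must use ISP2     : 192.168.1.64/26
#   routing instances            : isp1, isp2

# 1. ssh and web management addressed to the router itself are accepted
#    first, before any routing-instance term is evaluated.
set firewall family inet filter isp-select term to-router from destination-address 192.168.1.1/32
set firewall family inet filter isp-select term to-router from protocol tcp
set firewall family inet filter isp-select term to-router from destination-port [ 22 80 443 ]
set firewall family inet filter isp-select term to-router then accept

# 2. Selected source addresses are forwarded through ISP2.
set firewall family inet filter isp-select term via-isp2 from source-address 192.168.1.64/26
set firewall family inet filter isp-select term via-isp2 then routing-instance isp2

# 3. All remaining traffic is forwarded through ISP1. This term has no
#    "from" clause, so nothing falls through to the implicit discard.
set firewall family inet filter isp-select term via-isp1 then routing-instance isp1

# Apply the filter to traffic entering from the LAN.
set interfaces vlan unit 0 family inet filter input isp-select
```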



  • 6.  RE: dual ISP scenario

    Posted 07-07-2011 06:04

    belas80 ...

     

    What do you mean the filter must be defined port ssh? Will you give the example of your configuration that works?

     

    Thanks



  • 7.  RE: dual ISP scenario

    Posted 08-01-2012 11:32

    I adapted the solution that I found (http://www.juniper.net/us/en/community/junos/script-automation/library/event/enable-primary-nexthop/) via script. In summary, an ICMP test is configured for a particular IP, and if there is no response the default route is changed.

    Addresses:

    FW Internal IP --> 10.1.1.1/24
    FW External IP --> 200.1.1.1/24
    Gateway primary --> 200.1.1.254
    Gateway secondary --> 10.1.1.254

    Description of the solution:

    1. Copy the script (change_route-default.slax) to the folder /var/db/scripts/event

    2. Set the IP to be monitored (RPM monitor).

      set services rpm probe internet-test test ping-google probe-type icmp-ping
      set services rpm probe internet-test test ping-google target address 8.8.8.8
      set services rpm probe internet-test test ping-google test-interval 5
      set services rpm probe internet-test test ping-google source-address 200.1.1.1
      set services rpm probe internet-test test ping-google thresholds successive-loss 6
      set services rpm probe internet-test test ping-google traps test-failure
      set services rpm probe internet-test test ping-google traps probe-failure

    3. Configure a static route to the IP that will be monitored via the primary link.

      set routing-options static route 8.8.8.8/32 next-hop 200.1.1.254

    4. Set the event policies.

      # Policy for the primary link
      set event-options policy enable_link-primario events ping_test_completed
      set event-options policy enable_link-primario within 30 trigger on
      set event-options policy enable_link-primario within 30 trigger 1
      set event-options policy enable_link-primario within 60 events ping_test_failed
      set event-options policy enable_link-primario then event-script change_route-default.slax arguments next-hop 200.1.1.254
      set event-options policy enable_link-primario then event-script change_route-default.slax output-filename foo
      set event-options policy enable_link-primario then event-script change_route-default.slax destination foo

      # Policy for the backup link
      set event-options policy enable_link-backup events ping_test_failed
      set event-options policy enable_link-backup within 5 trigger on
      set event-options policy enable_link-backup within 5 trigger 1
      set event-options policy enable_link-backup within 20 events ping_test_completed
      set event-options policy enable_link-backup then event-script change_route-default.slax arguments next-hop 10.1.1.254
      set event-options policy enable_link-backup then event-script change_route-default.slax output-filename foo
      set event-options policy enable_link-backup then event-script change_route-default.slax destination foo

      set event-options destinations foo archive-sites /var/tmp

    5. Enable the script.

      set event-options event-script file change_route-default.slax


    TROUBLESHOOTING

      run show services rpm probe-results test ping-google owner internet-test
      run show route
      run op url /var/db/scripts/event/change_route-default.slax