I have an issue with two default routes on an SSG FW.
HQ has a Juniper SSG550 with E0/1 public IP address 126.96.36.199/24 in the Untrust zone, and E0/2 public IP address 188.8.131.52/24 in the Untrust zone.
There are two default routes:
set route 0.0.0.0/0 interface ethernet0/1 gateway 184.108.40.206
set route 0.0.0.0/0 interface ethernet0/2 gateway 220.127.116.11 metric 10
So, any traffic from Trust to Untrust (to the Internet) will pass through interface E0/1.
All right, this is a normal action.
Now, our other site has a Juniper SSG20 which has a public address 18.104.22.168/24 on interface E0/0. (set route 0.0.0.0/0 interface ethernet0/0 gateway 22.214.171.124)
We want route-based VPN redundancy between the SSG550 and the SSG20.
When I ping the SSG550 E0/1 address 126.96.36.199 on the SSG20, it's OK!
When I ping the SSG550 E0/2 address 188.8.131.52 on the SSG20, it's OK!!!! Why???
Does the SSG550 receive the ICMP request from E0/2, look up the routing table, and return this packet to E0/1?
But after I delete the second default route (unset route 0.0.0.0/0 interface ethernet0/2 gateway 184.108.40.206 metric 10), the ping fails (the SSG20 does not ping 220.127.116.11).
Can anybody help me?
Can you provide the output from SSG550 of command:
The simplest way to work around this issue is to install two identical routes to the remote gateway out of both providers. This will allow both to respond and set up tunnels to the remote office.
set route 18.104.22.168/32 interface ethernet0/1 gateway 22.214.171.124
set route 126.96.36.199/32 interface ethernet0/2 gateway 188.8.131.52