I have an SRX220H that connects to the ISP over PPPoE. My office has two internal networks, say 192.168.100.0/24 and 192.168.200.0/24; once the PPPoE session is up, each subnet goes out through its own public IP — say the first subnet through public_IP1 and the second through public_IP2. This part works fine for me.
However, some websites don't work properly (some load, some don't). I thought it was a DNS server issue, but after changing the DNS servers on the SRX several times the problem remains. Moreover, there is a wireless modem that some laptops can connect to and reach the Internet through, while other laptops cannot connect to it at all. It is very strange.
In addition, when I swapped the SRX for a MikroTik RouterOS device, none of these problems appeared, so I assume it is an SRX configuration issue. Part of the configuration is shown below (note: the `$9$` strings in the pap stanza are reversible Junos obfuscation, not hashes, so the PPPoE credentials in this paste should be treated as disclosed and rotated with the ISP):
Does anyone have an idea what's wrong with the config?
ps, merry xmas and happy new year 🙂
#####################################################
/* DHCP server: one pool per internal subnet. The top-level router (192.168.1.1)
   is the default gateway for any pool that does not declare its own; here only
   the 192.168.1.0/24 pool relies on it. */
dhcp {
    router {
        192.168.1.1;
    }
    /* Whole-subnet pool for 192.168.1.0/24; inherits router 192.168.1.1 from above. */
    pool 192.168.1.0/24 {
        address-range low 192.168.1.2 high 192.168.1.254;
    }
    /* CH subnet (source-NATed to pool ch-out-ip in the security stanza);
       clients are handed .254 as their default gateway. */
    pool 192.168.200.0/24 {
        address-range low 192.168.200.100 high 192.168.200.200;
        router {
            192.168.200.254;
        }
    }
    /* OFM subnet (source-NATed to pool ofm-out-ip); clients are handed .254 as gateway. */
    pool 192.168.100.0/24 {
        address-range low 192.168.100.100 high 192.168.100.200;
        router {
            192.168.100.254;
        }
    }
    /* NOTE(review): no pool lists name-server, so the only DNS servers clients can
       receive are whatever ge-0/0/0.0 itself learned as a DHCP client and propagates
       here. ge-0/0/0.0 is the PPPoE underlying interface (see pp0), so it may learn
       nothing — check on a client that DNS servers are actually assigned; if not, add
       name-server to each pool. Changing the DNS servers on the SRX itself does not
       reach DHCP clients. */
    propagate-settings ge-0/0/0.0;
}
}
#####################################################
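/* PPPoE client interface towards the ISP. */
pp0 {
    unit 0 {
        ppp-options {
            /* PAP credentials. SECURITY: a "$9$..." string is reversible Junos
               obfuscation, not a hash — pasting it publicly discloses the PPPoE
               username/password; rotate these with the ISP. */
            pap {
                default-password "$9$4nZGiQz6t0ItuclKM-dDikqT3";
                local-name xxxxxxx;
                local-password "$9$8XL7NbZGim5Fmf/tuOSydbsYJD";
                /* passive: do not initiate PAP, wait for the ISP side to start it
                   (normal for a PPPoE client). */
                passive;
            }
        }
        pppoe-options {
            underlying-interface ge-0/0/0.0;
            /* Was "idle-timeout 10": the session was torn down after 10 idle seconds
               and re-dialled (auto-reconnect 1), which drops everything bound to
               pp0.0 — a likely source of intermittent failures on a shared office
               link. 0 disables the idle disconnect (always-on session). */
            idle-timeout 0;
            auto-reconnect 1;
            client;
        }
        family inet {
            /* 1492 = 1500 minus the 8-byte PPPoE header. Nothing in this excerpt
               clamps TCP MSS, so LAN hosts still negotiate MSS 1460; sites that drop
               ICMP fragmentation-needed then stall on large replies (the classic
               "some sites load, some hang"). Pair this with:
               set security flow tcp-mss all-tcp mss 1452 */
            mtu 1492;
            /* Static /29 on the PPPoE interface. The NAT pool addresses public_IP1 and
               public_IP2 must fall inside this block so the ISP routes their return
               traffic over this session. */
            address 203.213.xxx.xxx/29;
        }
    }
}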
###################################
/* Default route towards the ISP. The next-hop list names both the PPPoE interface
   and an address in the ISP /29. NOTE(review): on a point-to-point pp0 the interface
   alone is normally sufficient — confirm 203.213.xxx.xxx is the ISP gateway and is
   reachable via pp0.0; otherwise this is two equal-cost next hops to the same link. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop [ pp0.0 203.213.xxx.xxx ];
    }
}
/* Spanning tree enabled; not part of the PPPoE/NAT path discussed in this post. */
protocols {
    stp;
}
security {
/* Source NAT. Rule-sets are chosen by from/to zone, so the three sets never overlap:
   zone trust hides behind the egress interface address, while CH-zone and OFM-zone
   each use a dedicated public IP from a pool.
   NOTE(review): no tcp-mss clamp is visible under "security flow" in this excerpt;
   with pp0 at MTU 1492 that is the usual reason some sites load and others hang
   (set security flow tcp-mss all-tcp mss 1452). Also confirm public_IP1/public_IP2
   lie inside the /29 configured on pp0.0 so return traffic comes back over the
   PPPoE session. */
nat {
    source {
        /* Public address used for the CH subnet (192.168.200.0/24). */
        pool ch-out-ip {
            address {
                "public_IP1"/32;
            }
        }
        /* Public address used for the OFM subnet (192.168.100.0/24). */
        pool ofm-out-ip {
            address {
                "public_IP2"/32;
            }
        }
        /* Catch-all for zone trust: any source, translated to the egress interface's
           own address (pp0.0 via the default route). */
        rule-set trust-to-untrust {
            from zone trust;
            to zone untrust;
            rule source-nat-rule {
                match {
                    source-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
        /* CH-zone -> Internet: 192.168.200.0/24 translated to ch-out-ip. */
        rule-set ch-nat {
            from zone CH-zone;
            to zone untrust;
            rule ch-nat-rule {
                match {
                    source-address 192.168.200.0/24;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        pool {
                            ch-out-ip;
                        }
                    }
                }
            }
        }
        /* OFM-zone -> Internet: 192.168.100.0/24 translated to ofm-out-ip. */
        rule-set ofm-nat {
            from zone OFM-zone;
            to zone untrust;
            rule ofm-nat-rule {
                match {
                    source-address 192.168.100.0/24;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        pool {
                            ofm-out-ip;
                        }
                    }
                }
            }
        }
    }
}