Hi
@spuluka wrote:
In site B on SRX 2
deactivate the default route to ISP link 2
deactivate routing-options static route 0.0.0.0/0 next-hop x.x.x.x
Add a default route to radio router B
set routing-options static route 0.0.0.0/0 next-hop x.x.x.x
In site B on radio router B
Add a default route to radio router A
In Site A on SRX 1
Expand or Add a policy that allows radio A interface zone to untrust for internet traffic
Expand or add a NAT policy from radio A interface zone to untrust for internet traffic
I assume that there is already a route to reach the server subnet from site A to site B in place.
Thanks for your reply.
I'm still struggling with some configurations (sorry, I'm kind of a newbie in the Juniper universe). I'll try to explain where I'm stuck based on your previous reply (my comments go in blue).
deactivate the default route to ISP link 2
deactivate routing-options static route 0.0.0.0/0 next-hop x.x.x.x
- Done. There's only one route from 0.0.0.0/0 (print_1.jpg)
Add a default route to radio router B
set routing-options static route 0.0.0.0/0 next-hop x.x.x.x
- Done. There's only one route from 0.0.0.0/0 (print_1.jpg)
In site B on radio router B
Add a default route to radio router A
- OK, there's already a route between these two routers that communicate SITE A to SITE B. I can ping from both SRX to the router on the other side. (print_2.jpg)
In Site A on SRX 1
Expand or Add a policy that allows radio A interface zone to untrust for internet traffic
- Here is where I'm having trouble. I don't know exactly how to do that on my SRX devices. Could you guide me a little more on this topic?
Expand or add a NAT policy from radio A interface zone to untrust for internet traffic
- Same as above.
If I understood correctly, the Juniper SRX is a zone-based firewall, so I don't have much experience with this kind of equipment.
I assume that there is already a route to reach the server subnet from site A to site B in place.
- Yes, there is. I can ping from SRX SITE A to the SRX SITE B subnet lan interface which is the gateway IP address for the server. (print_3.jpg)
I hope I'm not abusing your goodwill, but I'll be very thankful if you can help me a little more.
Regards.
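
An added example, not part of the original post or the quoted reply: one way the policy and source NAT steps for SRX 1 could look as Junos set commands. The zone name `radio`, the interface `ge-0/0/2.0`, the site B server subnet `192.0.2.0/24` and the policy and rule names are assumptions; `untrust` is the internet-facing zone named in the thread.

```junos
# Constructed values: zone "radio", interface ge-0/0/2.0, subnet 192.0.2.0/24.
# Replace them with the real ones before committing.
# Assumes the global address book is in use on this device.

# Place the interface facing radio router A in its own zone
# (skip if it already belongs to a zone).
set security zones security-zone radio interfaces ge-0/0/2.0

# Address object for the site B server subnet, so the policy
# permits only that subnet instead of "any".
set security address-book global address siteB-servers 192.0.2.0/24

# Security policy: traffic arriving from the radio zone may leave to untrust.
set security policies from-zone radio to-zone untrust policy siteB-to-internet match source-address siteB-servers
set security policies from-zone radio to-zone untrust policy siteB-to-internet match destination-address any
set security policies from-zone radio to-zone untrust policy siteB-to-internet match application any
set security policies from-zone radio to-zone untrust policy siteB-to-internet then permit
# Log each session at close so the new path can be audited.
set security policies from-zone radio to-zone untrust policy siteB-to-internet then log session-close

# Source NAT: translate the site B subnet to the address of the
# untrust (ISP-facing) interface on SRX 1.
set security nat source rule-set radio-to-untrust from zone radio
set security nat source rule-set radio-to-untrust to zone untrust
set security nat source rule-set radio-to-untrust rule siteB-internet match source-address 192.0.2.0/24
set security nat source rule-set radio-to-untrust rule siteB-internet match destination-address 0.0.0.0/0
set security nat source rule-set radio-to-untrust rule siteB-internet then source-nat interface
```

After the commit, `show security flow session source-prefix 192.0.2.0/24` and `show security nat source rule all` on SRX 1 show whether sessions from site B match the policy and are being translated.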