I will try and explain this as best as possible.....
RADIUS --> SRX1(Radius-VR) --> SRX1(Customer-VR) --> CORE --> LNS --> LAC --> CPE
The RADIUS could also access the internet via the core and the upstream provider.
So, the policies between the Customer-VR and the Radius-VR are working exactly as I want them to. This means PPP authentication requests from the LNS to the RADIUS.
However, I have just been asked if I can allow Internet access from the Radius for repo updates. This will be via a separate route if it's possible.
Is there a way, on the SRX, that I can tell UDP ports 1812, 1813 and 1814 to go to the LNS while allowing the repository traffic to go via the core and upstream providers? Or will I have to perform this action on the core itself?
So as per your last update, if you remove the default-policy then the traffic starts to drop, which means that there is a specific policy which is dropping it.
I would suggest you put a simple flowtrace and see which policy is dropping the packet through the SRX.
It is quite possible that the policy which is denying the traffic is sitting above the policy which should allow the ping.
If I understand correctly, there is only one exit interface on the SRX to go to the Core and the internet.
And if the exit interface is connected to the core then unfortunately you will have to perform this on the core and not on the SRX.
However, if there is a separate route or path available from the SRX itself, then yes, we can perform that on the SRX.
Thank you. That is exactly where I expected I would have to perform this operation.
Is there documentation anywhere to describe the best way of completing this please?
You can use the below link to understand the way SRX can be used to forward traffic.