SRX


Define and separate traffic by Policy

  • 1.  Define and separate traffic by Policy

     
    Posted 05-25-2018 02:35

    Hi,

     

    I will try and explain this as best as possible.....

     

    RADIUS --> SRX1(Radius-VR) --> SRX1(Customer-VR) --> CORE --> LNS --> LAC --> CPE

     

    The RADIUS could also access the internet via the core and the upstream provider. 

     

    So, the policies between the Customer-VR and the Radius-VR are working exactly as I want them to. This means PPP authentication requests from the LNS to the RADIUS.

    However, I have just been asked if I can allow Internet access from the Radius for repo updates. This will be via a separate route if it's possible.

    Is there a way, on the SRX, that I can tell UDP ports 1812, 1813 and 1814 to go to the LNS while allowing the repository traffic to go via the core and upstream providers? Or will I have to perform this action on the core itself?

     

    Thanks



  • 2.  RE: Define and separate traffic by Policy

    Posted 05-25-2018 04:23

    Hi Adgwytc,

     

    So as per your last update, if you remove the default-policy then the traffic starts to drop, which means that there is a specific policy which is dropping it.

    I would suggest you put a simple flowtrace and see which policy is dropping the packet through the SRX.

    It is quite possible that the policy which is denying the traffic is sitting above the policy which should allow the ping.

     

    regards,

    Guru Prasad

     



  • 3.  RE: Define and separate traffic by Policy

    Posted 05-25-2018 04:32

    Hi,

     

    If I understand correctly, there is only one exit interface on the SRX to go to the Core and the internet.

    And if the exit interface is connected to the core then unfortunately you will have to perform this on the core and not on the SRX.

    However if there is a separate route or path available from the SRX itself then yes we can perform that on the SRX.

     

     

    regards,

    Guru Prasad

     

     



  • 4.  RE: Define and separate traffic by Policy

     
    Posted 05-25-2018 05:40

    Hi G_prasad

     

    Thank you. That is exactly where I expected I would have to perform this operation.

     

    Is there documentation anywhere to describe the best way of completing this please?

     

    Thanks



  • 5.  RE: Define and separate traffic by Policy
    Best Answer

    Posted 05-25-2018 05:53

    Hi,

     

    You can use the below link to understand the way SRX can be used to forward traffic.

     

    https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-option-filter-based-forwarding-example.html

     

    regards,

    Guru Prasad
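
Added example, not part of the thread or of Juniper's documentation: a filter-based forwarding sketch for the split asked about in the first post, to be applied on whichever device actually has two distinct next hops (see post 3). The instance name, filter name, rib-group name, interface `ge-0/0/1` and the next-hop address are placeholders, and the ingress interface is assumed to sit in the default routing instance (`inet.0`).

```junos
# Constructed example: every name and address below is a placeholder.

# Forwarding-type instance whose only job is to hold the alternate route:
# a default route pointing at the next hop that leads to the LNS.
set routing-instances RADIUS-TO-LNS instance-type forwarding
set routing-instances RADIUS-TO-LNS routing-options static route 0.0.0.0/0 next-hop 192.0.2.1

# Copy interface (direct) routes into the forwarding instance so that
# the static route's next hop can be resolved there.
set routing-options rib-groups FBF-RIBS import-rib [ inet.0 RADIUS-TO-LNS.inet.0 ]
set routing-options interface-routes rib-group inet FBF-RIBS

# Term "radius": UDP 1812-1814 (source or destination port) is looked up
# in the forwarding instance instead of the normal table.
set firewall family inet filter SPLIT-RADIUS term radius from protocol udp
set firewall family inet filter SPLIT-RADIUS term radius from port 1812-1814
set firewall family inet filter SPLIT-RADIUS term radius then routing-instance RADIUS-TO-LNS

# Term "everything-else": all other traffic, repository updates included,
# is accepted and follows the normal routing table (core and upstream).
# Without this term the filter's implicit discard would drop it.
set firewall family inet filter SPLIT-RADIUS term everything-else then accept

# Apply the filter inbound on the interface where traffic from the
# RADIUS server enters the device.
set interfaces ge-0/0/1 unit 0 family inet filter input SPLIT-RADIUS
```

On an SRX in flow mode the filter only selects the route; the security policy for the resulting egress zone still has to permit the traffic, so the repository path needs its own narrowly scoped permit rule.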