Hi,
ISP A and ISP B are on different security zones.
ISP A is on Internet Zone
ISP B is on Transmission-1 Zone
source NAT rule: FMS-ACCESS Rule-set: Production-to-Transmission-1
Rule-Id : 3
Rule position : 3
From zone : Production
To zone : Transmission-1
Match
Source addresses : 192.168.4.0 - 192.168.4.255
Action : interface
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 1129
Successful sessions : 1120
Failed sessions : 9
Number of sessions : 0
source NAT rule: internet-access Rule-set: Production-to-Internet
Rule-Id : 1
Rule position : 1
From zone : Production
To zone : Internet
Match
Source addresses : 192.168.1.0 - 192.168.1.255
192.168.2.0 - 192.168.2.255
192.168.10.0 - 192.168.10.255
192.168.3.0 - 192.168.3.255
Action : interface
Persistent NAT type : N/A
Persistent NAT mapping type : address-port-mapping
Inactivity timeout : 0
Max session number : 0
Translation hits : 62695743
Successful sessions : 62494524
Failed sessions : 201219
Number of sessions : 817
Those are on different Source NAT Rule set. So now they should be separated already.
------------------------------
KARANG DIKA KUSUMA
------------------------------
Original Message:
Sent: 04-29-2021 04:18
From: Ashvin
Subject: Connecting to 2 Different ISPs via SRX.345
Hi,
Are both ISPA and ISPB under the same security-zone?
The source nat is matching on destination-zone "Transmission-1".
If ISPB is not part of that security-zone another source nat rule-set matching the respective security-zone would be needed.
Cheers,
------------------------------
Ashvin
Original Message:
Sent: 04-29-2021 03:31
From: KARANG DIKA KUSUMA
Subject: Connecting to 2 Different ISPs via SRX.345
Hi,
I'm new to Networking and also Juniper Devices.
I have my environment shown below
I tried using configuration on this KB
[SRX] Source-based routing configuration example - Juniper Networks
and here is my configuration on SRX345
My VM on segment 192.168.2.0 and 3.0 are able to ping internet via ISP A, but i have VM on segment 192.168.4.0/24 that i want to direct the traffic via ISP B and they are able to ping ISP B (114.7.241.89) but unable to gain access internet eventhough i already give Source Nat
Is there any steps that i just missed or i did wrong? Please enlight me on this.
Thanks. Regards.
------------------------------
KARANG DIKA KUSUMA
------------------------------