Good Evening!
I have looked near everywhere for a solution to this problem however it doesnt seem anyone else has had the same issue.
We have installed a solution for a client that has dual ISPs connected to an SRX300. We want the primary circuit to failover to the secondary circuit should the primary circuit not be able to ping google.
Please see our below config:
test PRI_WAN_Ping {
probe-type icmp-ping;
target address 8.8.8.8;
probe-count 15;
probe-interval 1;
test-interval 3;
thresholds {
total-loss 10;
}
destination-interface ge-0/0/5
}
}
IP-Monitoring config:
policy Wan_Failover {
match {
rpm-probe PRI_WAN;
}
then {
preferred-route {
route 0.0.0.0/0 {
next-hop xxx.xxx.xxx.xxx; (this is the secondary ISP GW)
}
}
}
}
We have a default route sending all traffic to the primary ISP GW. The Primary ISP IP Address is configured on ge-0/0/5. The secondary ISP IP is configured on Ge-0/0/0. When we check the session flow with our destination prefix set to 8.8.8.8 we see the following:
Session ID: 6645, Policy name: self-traffic-policy/1, Timeout: 50, Valid
In: xxx.xxx.xxx.xxx/14 --> 8.8.8.8/50;icmp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 28,
Out: 8.8.8.8/50 --> xxx.xxx.xxx.xxx/14;icmp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 0, Bytes: 0,
Total sessions: 15
Both xxx.xxx.xxx.xxx in the above session are the primary ISP interface address but for some reason the reply is coming back on interface ge-0/0/0 which is the secondary line! Why is this? The secondary line is currently the active line of the two too even though the primary is up and working.
This is the current status of IP Monitoring:
RPM Probes:
Probe name Test Name Address Status
---------------------- --------------- ---------------- ---------
PRI_WAN PRI_WAN_Ping 8.8.8.8 FAIL
Route-Action:
route-instance route next-hop state
----------------- ----------------- ---------------- -------------
inet.0 0.0.0.0/0 xx.xx.xx.xx (secondary ISP LINE) APPLIED
Any ideas why the return packets are coming in on the wrong interface and why our device will switch to use the primary line as opposed to the secondary?
Any help would be amazing,
thanks!
------------------------------
Ryan Todd
------------------------------