SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

SRX-210 Junos 10.0 setting the default route next-hop

  • 1.  SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-22-2010 08:12

    I should know this by now. I have an SRX-210 demo unit at home. I have cable broadband coming in as my internet connection. I do not have a static IP. My untrusted interface is set to pull it's address via DHCP. This is the easy part. Here is the problem, when you set up a default route you must put the next hop address as the gateway, which would be the ISPs gateway router. This is not an issue as long as my IP address doesn't change for some reason, if it does the next hop could potentially be wrong.

     

    Is there a way to tell the SRX to route out the Untrusted interface without adding the next-hop address which could change? I tried using the untrusted interfaces IP address and the interface name itself example - ge-0;/0/0 as the gateway but I kept on getting an error "This is not a point to point link" Anyone, know how to get around this? You can do what I am talking about on ScreenOS devices.


    #default
    #next-hop
    #Route
    #SRX
    #dchp


  • 2.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-22-2010 11:56

    Hello there,

    If I understand you correctly, are you saying your SRX is only getting an IP@ via DHCP and nothing else?

    Last time I checked, DHCP is also capable of sending router address(es) to clients.

    This is DHCP Option 3

    http://www.networksorcery.com/enp/protocol/bootp/option003.htm

    Rgds

    Alex



  • 3.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-22-2010 12:05

    Yes, I believe there is that DHCP option. What I really want to know is how I can force all of my default traffic out an interface with a static route without having to add a next-hop IP Address? My untrusted interface address could change because it gets it's address via DHCP and it's gateway may change. If there isn't a way to add a static route with only the egress interface as the "destination", I'm ok with that as well. I will just set up the route with the next-hop IP address.



  • 4.  RE: SRX-210 Junos 10.0 setting the default route next-hop
    Best Answer

    Posted 01-22-2010 13:12

    You should not need a static route. If you configure an interface as a dhcp client then you will get the default gateway automatically through dhcp. In order to see the route you would need to type the following command to verify

     

    >show route forwarding-table



  • 5.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-22-2010 13:51

    I should be able to find the  problem starting at the forwarding table. I will post my findings.

     

    Thanks



  • 6.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 03-01-2010 09:03

    Thanks John, part of the issue was DHCP and I was able to verify what was being sent to me using the "show route forwarding-table. Also, I wiped out the default NAT settings when I factory reset the firewall. Once I reconfigured the firewall I was able to route correctly. Thanks everyone!!!



  • 7.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 09-29-2010 04:12

    Do you mind posting your configuration?

    I would like to have an reference for my setup..

     

    I can ping the outside i.e www.google.com from the SRX, but the clients are not able to.



  • 8.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-24-2010 10:10

    Hi Scott

     

    Looks you have the similar problem as mine:

     

    http://forums.juniper.net/t5/SRX-Services-Gateway/dhcp-client-can-t-get-default-route-in-created-virtual-router/td-p/33781

     

    I can get the default route if my interface in the default router, but if I move it to a custom created virtual router, then I can only get an IP.



  • 9.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-24-2010 14:26

    I know it isn't the exact answer to the question, but there is a way to set a static route to dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, google's dns server ?) and the next hop will be resolved. Personally I'm not fond of rhis feature, but ir can become handy.



  • 10.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-24-2010 22:03

    @Screenie wrote:

    I know it isn't the exact answer to the question, but there is a way to set a static route to dynamic gateway. You can add "resolve" to a route. When you do this you can define a gateway further away than one hop and the next-hop will be resolved. If you need the dynamic internet gateway you can use a known stable public IP (8.8.8.8, google's dns server ?) and the next hop will be resolved. Personally I'm not fond of rhis feature, but ir can become handy.


    Yes you can use "resolve" to accomplish that but only if there is a specific route to 8.8.8.8/32 prefix in Your example.

    If the only route in SRX routing table is  a connected one or 0/0 supplied via DHCP, the "set routing-options static route 0/0 next-hop 8,8,8,8 resolve" won't work.  The reason is that non-direct next-hop for a sttaic route must be resolved via more specific route than the static one being configured. This is to prevent recursive resolution loop.

    Anyway, I think that if DHCP Option 3 is supplied in DHCP ACK then there is nothing to worry about, the 0/0 route will be installed. If not then there is a problem.

    Rgds

    Alex



  • 11.  RE: SRX-210 Junos 10.0 setting the default route next-hop

    Posted 01-25-2010 14:23

    Thanks for making this clear Alex!