SRX

 View Only
last person joined: 7 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  add administrative distance to BGP route?

    Posted 28 days ago
    Edited by JOHN MUNOZ 28 days ago

    I have two IPSsec tunnels going to AWS on my primary internet connection.  I'd like to setup another pair of tunnels to AWS using my secondary internet connection.  The secondary is much slower than then primary so I'd like to make sure that it has a lower routing priority so that the tunnels with the faster internet is preferred.  

    How do I add an administrative distance to these routes?

    set interfaces st0.4 family inet address 169.254.166.22/30
    set interfaces st0.4 family inet mtu 1436
    set security zones security-zone trust interfaces st0.4 
    set security ipsec vpn vpn-0d3d1ub3-2 bind-interface st0.4

    set security zones security-zone untrust host-inbound-traffic system-services ike

    set security zones security-zone trust host-inbound-traffic protocols bgp

    set security flow tcp-mss ipsec-vpn mss 1379

    set protocols bgp group ebgp type external
    set protocols bgp group ebgp neighbor 169.254.166.21 export EXPORT-DEFAULT
    set protocols bgp group ebgp neighbor 169.254.166.21 peer-as 64512
    set protocols bgp group ebgp neighbor 169.254.166.21 hold-time 30
    set protocols bgp group ebgp neighbor 169.254.166.21 local-as 64912





  • 2.  RE: add administrative distance to BGP route?

    Posted 27 days ago

    I'm guessing the sample configuration you provided currently has only one of your connections, assuming you'll be adding a second one, with another BGP connection.

    With BGP, there are probably many ways to accomplish this. Here's one (both steps are needed):



    ------------------------------
    Nikolay Semov
    ------------------------------