SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Two Internet connections switching over

    Posted 06-12-2015 06:59

    Juniper SRX 210H

     

    We currently have a T-1 but are moving over to fiber optics.  Unfortunately, this requires a static IP change from the ISP.  We have 21 VPN connections with various clients that will require the IP address change on their router.  Clearly, this is not something we can do over night.  The ISP has decided to allow us to use both internet connections simultaneously until we can switch everything over.

     

    Question:  I'm pretty sure the juniper can handle two ISP connections.  Can someone show an example how?  Or is there a document I missed? 

     

    The VPN's are IPSEC tunnels.  Will I need to make a config change in the juniper for it to know "use this connection for VPN request, not that one"?

     

    Thank you all.

     

    JamesNT



  • 2.  RE: Two Internet connections switching over
    Best Answer

     
    Posted 06-12-2015 07:44

    HI,

     

    i would start with setting static routes for the 21 vpn's you have over the old connection. Then when you move your default gw to the new connection all the vpn's will stay up.

     

    Then you can start changing the vpn's one by one. When a customer is ready to change their side of the vpn to the new ip on your side you will remove the static route for that vpn connection.

     

    You need to make a change to the external interface on your side when you move the vpn to the new uplink:

     

    lets say at this moment you use ge-0/0/0.0 as external interface. With the new connection that could be ge-0/0/2.0

     

    gateway ike-gw-custone {
        ike-policy ike-policy-stipte;
        address ip.of.customer.side;
        external-interface ge-0/0/0.0;
        version v2-only;
    }

     

    You need to change the external-interface to the new interface for your fiber connection

     

    gateway ike-gw-custone {
        ike-policy ike-policy-stipte;
        address ip.of.customer.side;
        external-interface ge-0/0/1.0;
        version v2-only;
    }

     

     

    And you are done!!!

     

    Hope this helps a bit



  • 3.  RE: Two Internet connections switching over

    Posted 06-13-2015 10:01

    The new fiber connection was plugged in to ge-0/0/0 and the old T1 was moved to fe-0/0/2.  fe-0/0/1 is still th internal LAN.

     

    The new fiber is up and working.  I changed fe-0/0/2 from

     

    fe-0/0/2 {

         unit 0{

              family ethernet-switching{

                    vlan{

                          members vlan-trust;

    }}}}

     

    to

     

    fe-0/0/2 {

         unit 0{

              family inet {

                     address old.static.ip.address;

    }}}}

     

    So it can handle the old T1.

     

    I also changed the gateways on all the VPN's from ge-0/0/0 to fe-0/0/2.  All internet connectivity works but the VPN's are down.  Are we missing something else?  What about the gateway of the T1?  Do we need routing options for that?

     

    Thank you for your help.  Probably need only one thing but I can't think of it for the life of me.

     

    JamesNT

     



  • 4.  RE: Two Internet connections switching over

    Posted 06-13-2015 16:49

    Did you add fe-0/0/2.0 to the untrust zone or whatever zone the original interface belongs to? 



  • 5.  RE: Two Internet connections switching over

    Posted 06-13-2015 22:29

    One little mistake. . . 🙂

     

    JamesNT