Screen OS

  • 1.  Using ISG1000 source routing for sending traffic to multiple internet gateways

    Posted 08-12-2009 22:52

    Hi,

    I have two different broadband routers from my Internet service provider. Behind each router they have given me two distinct /24 networks. (I have configured the 192.168.2.0/24 subnet on both the routers: Router 1 = 192.168.2.1 and Router 2 = 192.168.2.4)

    I have one ISG1000 firewall; its untrust interface is connected via an L2 switch to both the routers and has IP address 192.168.2.5/24.

    Also, behind the ISG I have a 10.16.50.0/24 network. Now I want to divide my 10.15.50.0/24 network into two /25 networks and source NAT the first /25 network with 192.168.2.10 and the remaining /25 with 192.168.2.11.

    Then I want to do source-based routing on the ISG so that if traffic is coming from the first /25 it goes to router 1 (192.168.2.1), and if traffic is coming from the second /25 it goes to router 2 (192.168.2.4).

    Does what I said above make sense? And will it work?

    D



  • 2.  RE: Using ISG1000 source routing for sending traffic to multiple internet gateways

    Posted 08-12-2009 23:32

    Hi,

    I think you should use 2 interfaces of the firewall: one interface should be connected to Router1 and the other interface should be connected to Router2.

    You can use the following routes on the firewall:

    set route source <first /25 ip address> interface ethernet1 gateway 192.168.2.1

    set route source <second /25 ip address> interface ethernet2 gateway 192.168.2.4

    You can connect each interface directly to each router and use the switch for the internal LAN.

    Thanks

    Atif



  • 3.  RE: Using ISG1000 source routing for sending traffic to multiple internet gateways

    Posted 08-13-2009 00:29

    Hi,

    Thanks for the early reply.

    If I use two interfaces, then shall I put them under the same zone or different zones?

    What are the advantages of using two interfaces?

    Also, I explained in my initial email that when I configured it, I found that it was not working unless I add a default route.

    D



  • 4.  RE: Using ISG1000 source routing for sending traffic to multiple internet gateways

    Posted 08-13-2009 00:41

    Qs: under same zone or different zones?

    Ans: if you use the same zone for the Untrust interfaces then you need one policy for Trust interface to untrust interfaces. You need 2 separate policies for different zones of untrust interfaces.

    What are the advantages of using two interfaces?

    Ans: It is only possible when you have 2 interfaces, each connected to each router.

    Thanks

    Atif



  • 5.  RE: Using ISG1000 source routing for sending traffic to multiple internet gateways

    Posted 08-13-2009 00:48

    Qs: under same zone or different zones?

    Ans: if you use the same zone for the Untrust interfaces then you need one policy for Trust interface to untrust interfaces. You need 2 separate policies if you use different zones for the untrust interfaces.

    For example:

    ONE ZONE for interfaces connected to the router

    Trust zone to Untrust zone  ======> one policy

    TWO ZONES for interfaces connected to the router

    Trust zone to Untrust1 zone  ======> one policy

    Trust zone to Untrust2 zone  ======> second policy

    What are the advantages of using two interfaces?

    Ans: It is only possible when you have 2 interfaces, each connected to each router.

    Thanks

    Atif



  • 6.  RE: Using ISG1000 source routing for sending traffic to multiple internet gateways
    Best Answer

    Posted 08-17-2009 02:20

    Hi Friend,

    I have implemented it with a single interface with two source routes. It's working fine. Thanks for your efforts to analyze my requirement and attempt to provide a solution.

    D
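
The split-and-route plan discussed in this thread, as an added example that is not code from any poster or from Juniper: it divides the LAN into its two /25 halves, checks that each gateway is a usable next hop on the untrust subnet, and emits commands in the form given in reply 2. It assumes the LAN is 10.16.50.0/24 (the first post also writes 10.15.50.0/24) and uses `ethernet1` as a hypothetical name for the single untrust interface.

```python
import ipaddress

# Addresses come from the thread; the interface name is an assumption.
LAN = ipaddress.ip_network("10.16.50.0/24")
UNTRUST = ipaddress.ip_interface("192.168.2.5/24")   # firewall untrust address
GATEWAYS = ("192.168.2.1", "192.168.2.4")            # router 1, router 2
INTERFACE = "ethernet1"                              # hypothetical interface name


def build_source_routes(lan=LAN, gateways=GATEWAYS, untrust=UNTRUST):
    """Pair each /25 half of the LAN with one next hop, after sanity checks."""
    halves = list(lan.subnets(prefixlen_diff=1))
    hops = [ipaddress.ip_address(g) for g in gateways]
    if len(hops) != len(halves) or len(set(hops)) != len(hops):
        raise ValueError("need one distinct gateway per /25")
    for hop in hops:
        # A next hop must be directly reachable on the untrust subnet and
        # must not be the firewall's own address.
        if hop not in untrust.network or hop == untrust.ip:
            raise ValueError(f"gateway {hop} is not a usable next hop")
    return list(zip(halves, hops))


def render(routes, interface=INTERFACE):
    """Emit commands in the form given in reply 2."""
    return [f"set route source {net} interface {interface} gateway {hop}"
            for net, hop in routes]


def gateway_for(src, routes):
    """Return the next hop whose source prefix contains src, else None."""
    addr = ipaddress.ip_address(src)
    for net, hop in routes:
        if addr in net:
            return hop
    return None   # no source route matches this host


if __name__ == "__main__":
    routes = build_source_routes()
    print("\n".join(render(routes)))
    for host in ("10.16.50.20", "10.16.50.200", "10.16.51.7"):
        print(host, "->", gateway_for(host, routes))
```

A host for which `gateway_for` returns `None` matches neither source route, so its forwarding depends on whatever other routes the firewall holds.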