SRX

i was lookin at the VR implementation, kb15545,

i
        }
    }
}
firewall {
    filter isp1-in {
        term 1 {
            from {
                destination-address {
                    1.1.1.0/29;
                }
            }
            then {
                routing-instance TRUST-VRF;
            }
        }
        term 2 {
            then {
                accept;
            }
        }
    }
    filter isp2-in {
        term 1 {
            from {
                destination-address {
                    2.2.2.0/29;
                }
            }
            then {
                routing-instance TRUST-VRF;
            }
        }
        term 2 {
            then {
                accept;
            }
        }
    }
}
routing-instances {
    TRUST-VRF {
        instance-type forwarding;
        routing-options {
            static {
                route 192.168.1.0/24 next-hop 192.168.1.1;
                route 10.10.10.0/24 next-hop 10.10.10.1;
            }
        }
    }
    INSIDE {
        instance-type virtual-router;
        interface ge-0/0/0.0;
        interface ge-0/0/1.0;
        routing-options {
            interface-routes {
                rib-group inet inside;
            }
            static {
                route 0.0.0.0/0 next-table inet.0;
            }
        }
    }
    ISP2 {
        instance-type virtual-router;
        interface fe-0/0/7.0;
        routing-options {
            interface-routes {
                rib-group inet inside;
            }
            static {
                route 0.0.0.0/0 {
                    next-hop 2.2.2.1;
                    qualified-next-hop 1.1.1.1 {
                        preference 10;
                    }
                }
            }
        }
    }
}

any idea where the following ip is from?

 route 192.168.1.0/24 next-hop 192.168.1.1;
                route 10.10.10.0/24 next-hop 10.10.10.1;

and what if i have a third connection that has a dynamic address?

thanks in advance

Hello BinaryHealer,

The ips 192.168.1.1 & 10.10.10.1 are the next-hop ips (Routers/Switches)  of the subnets were the Web server & the Mail Server lies.

arent they on same subnet?

I think KB1447 (http://kb.juniper.net/InfoCenter/index?page=content&id=KB1447) is more illustrative as VR to VR routing solution?

thanks for the reply, maybe you can help out, i have 3 internet connection, 1 adsl for surfing, 2 lines for mail and vpn, if the adsl is down web surfing should be moved to one of the other lines, if one of the 2 main lines is down, mail will come through other line...

Try to use default gateway with different preference ... and policy base routing (PBR), it should be sufficient (?)

thats what i am using for the moment, but you cant publish your mail server using both isps.

Well, have you checked KB15545 (http://kb.juniper.net/InfoCenter/index?page=content&id=KB15545), there is some source nat used, scenario is known"dual home isp"

(Sorry I didn't check all thread)

thats the same article i mentioned, bt if my servers are on same subnet as trust, do i need the trust routing instance. and id i want certain traffic to go out of isp2 and certain to go out through isp1, can i specify a vr in routing options?