[j-nsp] ScreenOS routing policy (route map)
Ying Zhang
cynthia_dal at yahoo.ca
Wed Nov 26 08:53:18 EST 2008
Hi list,
I am new to ScreenOS. A seemingly easy task in JUNOS doesn't look so easy in ScreenOS. I am sure I missed something here:
Network topology:
Router A -- Firewall -- Router B
FW learned 100 routes from Router A, and will announce all of them to Router B except one route, 20.1/16. How do I change the explicit deny at the end of the route map (I don't want to "permit" all 99 routes in the route map)?
Here is what I did:
Network > Routing > Virtual Router (trust-vr) > Access List > New: Enter the following, then click OK:
Access List ID: 20
Sequence No.: 1
IP/Netmask: 20.1.0.0/16
Action: deny
Network > Routing > Virtual Router (trust-vr) > Route Map > New: Enter the following, then click OK:
Map Name: rtmap1
Sequence No.: 1
Action: deny/permit?
Match Properties:
Access List: (select), 20 (select)
Apply it to FW interface to Router B.
Whether I choose deny or permit in the route map action, it makes the FW stop announcing all routes to Router B. Many thanks.
C.