[j-nsp] MIP issue

Stefan Fouant sfouant at gmail.com
Tue Sep 2 10:57:26 EDT 2008


On Wed, Jun 1, 2005 at 12:55 AM, SunnyDay <cscosunny at gmail.com> wrote:
> I have tried the policy config like you say but no luck.
> The  loopback is in the untrust zone in untrust vr
> The testing zone is in VR-test. You suggest to put in the untrust vr a route
> 192.168.90.2 pointing to the VR-test?
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
> Sent: Tuesday, September 02, 2008 5:06 PM
> To: SunnyDay
> Cc: Juniper-Nsp
> Subject: Re: [j-nsp] MIP issue

If the loopback is in the untrust zone why do you need a policy from
the untrust zone to global (or untrust to testing).  If you are
pinging the loopback from a source which is reachable via the untrust
zone than you don't need interzone policy (but you will need to ensure
that you don't have IntraZone Blocking enabled).

In order for us to help you out, you need to have full disclosure with
regards to your setup.  You are leaving out important details out
about your setup and it's difficult to assist you when you only reveal
the prescense of Inter-VR routing after a great deal of prodding.  Why
don't you try posting your config so I can get a better idea of what
is going on.

-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


More information about the juniper-nsp mailing list