[j-nsp] Static Routing - SRX
Ben Dale
bdale at comlinx.com.au
Wed Nov 3 16:31:26 EDT 2010
Hi Paul,
Router-on-a-stick with SRX will break unless you have the following:
set security policy from-zone Private to-zone Private policy 1ARM match source-address n192.168.20.0/24
set security policy from-zone Private to-zone Private policy 1ARM match destination-address n172.30.200.0/24
set security policy from-zone Private to-zone Private policy 1ARM match application any
set security policy from-zone Private to-zone Private policy 1ARM then permit
Cheers,
Ben
On 04/11/2010, at 1:48 AM, Paul Stewart wrote:
> Hi there.
>
>
>
> Can anyone give any suggestion/guidance on the following.
>
>
>
> I'm trying to do a static route *out* the same interface that the traffic
> came *in* on. This is on an SRX-240
>
>
>
> Here are the details:
>
> "Private": 192.168.20.0/24
>
> "Public": 216.168.x.x/32
>
>
>
> Static route: 172.30.200.0/24 to <gateway - 192.168.20.224> to
> 192.168.20.121
>
>
>
> 192.168.20.121 is the IP on a VPN appliance.
>
>
>
> Traffic from a client computer never gets routed to the VPN appliance. This
> works on a Cisco 2800 without a problem, but I can't get it working on the
> SRX.
>
>
>
> So, to walk this through a bit more - a computer sitting on the 192.168.20.0
> subnet has a default gateway of 192.168.20.224. We want a route on the SRX
> that routes any traffic coming into 192.168.20.224 that is destined to
> 172.30.200.0/24 to be sent to 192.168.20.121. In Cisco 2800 it's just a
> static route.
>
>
>
> Ran across this challenge in the Cisco PIX world as well..
>
>
>
> Thanks for any input..
>
>
>
> Paul
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list