Dear all,
My PBR configuration is below. I have configured everything as suggested in
juniper's documentation. But it's not working as desired. Please help me out
to sort out the issue.
ge-0/0/0 {
unit 0 {
description HO-LAN;
family inet {
address 10.139.1.1/24;
fe-0/0/5 {
unit 0 {
description SUBISU-INTERNET;
family inet {
address 10.10.10.2/29;
fe-0/0/6 {
unit 0 {
description ADSL;
family inet {
address 192.168.254.2/24;
routing-options {
interface-routes {
rib-group inet IMPORT-PHY;
}
static {
route 0.0.0.0/0 {
next-hop [ 10.10.10.1 1 192.168.254.1 ];
metric 5;
}
rib-groups {
IMPORT-PHY {
import-rib [ pbr_fe-0/0/5_static.inet.0 pbr_fe-0/0/6_adsl.inet.0
inet.0 ];
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
rule-set TRUST-TO-WIFI-NAT {
from zone trust;
to zone WIFI-ZONE;
rule wifi-nat {
match {
source-address 10.139.1.0/24;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
zones {
security-zone trust {
address-book {
address HO-LAN 10.139.1.0/24;
}
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0 {
host-inbound-traffic {
system-services {
https;
ping;
ssh;
all;
}
}
}
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
https;
ping;
ssh;
all;
}
}
}
}
}
security-zone untrust {
host-inbound-traffic {
system-services {
https;
ping;
ssh;
telnet;
}
protocols {
all;
}
}
interfaces {
fe-0/0/5.0 {
host-inbound-traffic {
system-services {
ping;
https;
ssh;
telnet;
ike;
security-zone WIFI-ZONE {
interfaces {
fe-0/0/6.0 {
host-inbound-traffic {
system-services {
ping;
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
from-zone trust to-zone WIFI-ZONE {
policy TRUST-TO-WIFI {
match {
source-address HO-LAN;
destination-address any;
application any;
}
then {
permit;
}
firewall {
filter trust-adsl {
term TERM1 {
from {
source-address {
10.139.1.167/32;
}
}
then {
routing-instance pbr_fe-0/0/6_adsl;
}
}
term TERM2 {
then {
routing-instance pbr_fe-0/0/5_static;
}
}
}
}
routing-instances {
pbr_fe-0/0/5_static {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 {
next-hop 10.10.10.2;
qualified-next-hop 192.168.254.1;
metric 100;
}
}
}
}
pbr_fe-0/0/6_adsl {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/24 {
qualified-next-hop 192.168.1.1;
qualified-next-hop 10.10.10.1 {
metric 100;
Regards,
Bikash Bhattarai
Technical Manager
Dristi Tech Pvt. Ltd.
skype: bkbhattarai
mob:+977-9851039710