[j-nsp] SRX - Static Routing Out Same Interface

Michael Loftis mloftis at wgops.com
Wed May 1 14:13:50 EDT 2013


You'll need a "hairpin" rule, e.g.:

set security policies from-zone trust to-zone trust policy hairpin match source-address any
set security policies from-zone trust to-zone trust policy hairpin match destination-address any
set security policies from-zone trust to-zone trust policy hairpin match application any
set security policies from-zone trust to-zone trust policy hairpin then permit

There is no implicit "accept back into source zone".




On Wed, Nov 3, 2010 at 5:33 AM, Bruce Buchanan <bbuchana at nexicomgroup.net> wrote:

> Hi List –
>
> Can anyone give any suggestion/guidance on the following.
>
> I’m trying to do a static route **out** the same interface that the
> traffic came **in** on.  This is on an SRX-240
>
> Here are the details:
>
> “Private”: 192.168.20.0/24
>
> “Public”: 216.168.x.x/32
>
> Static route: 172.30.200.0/24 to <gateway – 192.168.20.224> to
> 192.168.20.121
>
> 192.168.20.121 is the IP on a VPN appliance.
>
> Traffic from a client computer never gets routed to the VPN appliance.
> This works on a Cisco 2800 without a problem, but I can’t get it working on
> the SRX.
>
> Thanks,
>
> Bruce
>
> *Bruce Buchanan*
> Senior Network Technician
> Nexicom
> 5 King St. E., Millbrook, ON, LOA 1GO
> Phone: 705-932-4147
> FAX: 705-932-3027
> Cell: 705-750-7705
> Web: http://www.nexicom.net
> *Nexicom – Connected. Naturally.*
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
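
Added example, not part of the original thread and not Juniper code: a small Python check over a flat `set`-style config export that reports, per zone, whether a same-zone ("hairpin") permit policy exists and whether it is the any/any/any form shown above or a scoped one. The zone `dmz`, the policy `to-vpn` and the address names are made up for illustration, and the check ignores policy ordering, global policies and default policies.

```python
import re
from collections import defaultdict

# Constructed sample: the post's hairpin policy plus a hypothetical scoped one.
SAMPLE_CONFIG = """\
set security policies from-zone trust to-zone trust policy hairpin match source-address any
set security policies from-zone trust to-zone trust policy hairpin match destination-address any
set security policies from-zone trust to-zone trust policy hairpin match application any
set security policies from-zone trust to-zone trust policy hairpin then permit
set security policies from-zone dmz to-zone dmz policy to-vpn match source-address lan-clients
set security policies from-zone dmz to-zone dmz policy to-vpn match destination-address vpn-remote
set security policies from-zone dmz to-zone dmz policy to-vpn match application any
set security policies from-zone dmz to-zone dmz policy to-vpn then permit
set security policies from-zone trust to-zone untrust policy out match source-address any
"""

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application) (\S+)|then (\S+))"
)

def parse_policies(config):
    """Return {(from_zone, to_zone, name): {"match": {field: values}, "action": str}}."""
    policies = defaultdict(lambda: {"match": defaultdict(set), "action": None})
    for line in config.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        src, dst, name, field, value, action = m.groups()
        entry = policies[(src, dst, name)]
        if field:
            entry["match"][field].add(value)
        elif action in ("permit", "deny", "reject"):  # skip "then log ..." etc.
            entry["action"] = action
    return policies

def audit_intra_zone(config, zones):
    """Map each zone to 'missing', 'permit-any' or 'permit-scoped'."""
    result = {z: "missing" for z in zones}
    for (src, dst, _name), p in parse_policies(config).items():
        if src != dst or src not in result or p["action"] != "permit":
            continue
        wide_open = all(p["match"][f] == {"any"} for f in
                        ("source-address", "destination-address", "application"))
        if wide_open:
            result[src] = "permit-any"
        elif result[src] == "missing":
            result[src] = "permit-scoped"
    return result
```

A zone reported as `missing` is one where traffic routed back out the interface it arrived on has no same-zone permit policy; `permit-any` marks the broad form that may be worth narrowing to the specific source and destination prefixes.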