[j-nsp] SRX Adding Second ISP

Maarten van der Hoek maarten at vanderhoek.nl
Wed Feb 19 11:11:56 EST 2014


Hi Tim,

Make sure the 2nd ISP has it's own routing-engine, furthermore use Firewall
filters to make sure traffic goes to the right engine...
(and of course the NAT-ing of ashish)

Brgds,

Maarten

-----Oorspronkelijk bericht-----
Van: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] Namens ashish
verma
Verzonden: dinsdag 18 februari 2014 11:21
Aan: Tim Donahue
CC: juniper-nsp
Onderwerp: Re: [j-nsp] SRX Adding Second ISP

May be something like below would help.

show configuration security nat
source {
    pool isp-1 {
        address {
           x.x.x.x/x;
        }
    }
    pool isp-2 {
        address {
           y.y.y.y/y;
        }
    }
   rule-set TRUST-TO-UNTRUST {
        from zone TRUST;
        to zone UNTRUST;
        rule nat-isp1 {
            match {
                source-address [ server-ip1 server-ip2 ];
            }
            then {
                source-nat {
                      pool {
                           isp-1;
                }
        }
    rule nat-isp2 {
            match {
                source-address [ server-ip3 server-ip4 ];
            }
            then {
                source-nat {
                      pool {
                           isp-2;
                }
        }

    }
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list