Example: Configuring Export Rules In A Virtual Router (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Related
Documentation

Example: Configuring Export Rules in a Virtual Router (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
You can also configure the trust-vr to automatically export all its route table entries to
the untrust-vr, or configure a user-defined virtual router to automatically export routes
to other virtual routers. However, this does not necessarily mean that the untrust-vr
imports all the routes exported by the trust-vr. If you define import rules for the untrust-vr,
only routes that match the import rules are imported.
From ScreenOS 6.3, security devices also support OSPFv3 protocols while importing or
exporting rules in a VR.
For instructions on configuring virtual router export and import rules, see the Network
and Security Manager Online Help.
Configuring Virtual Routers Overview on page 294
Virtual Routers Overview on page 296
Virtual Router General Properties Overview on page 297
Access List Overview on page 298
Route Maps Overview on page 300
Example: Configuring Export Rules in a Virtual Router (NSM Procedure) on page 303
In this example, you export OSPF routes for the 1.1.1.1/24 network in the trust-vr virtual
router to the untrust-vr routing domain. You first create an access list for the network
prefix 1.1.1.1/24, which is then used in the route map " rtmap1" to filter for matches of
routes for the 1.1.1.1/24 network. You then create a route export rule to export matching
OSPF routes from the trust-vr to the untrust-vr virtual router.
To configure export rules in a virtual router:
In the NSM navigation tree, select Device Manager > Devices. Double-click the device
1.
object to open the device configuration.
In the device navigation tree, select Network > Virtual Routers.
2.
Double-click the trust-vr virtual router. The General Properties screen appears.
3.
Configure the access list:
4.
In the virtual router navigation tree, select Access List, then click the Add icon in
the main display area. The Access List Entries/New dialog box appears.
For Access List Number, enter 2.
In the Access List Entries area, click the Add icon. The New Access List Entry dialog
5.
box appears. Configure the following, and then click OK:
For Sequence Number, enter 10.
For Action, select Permit.
For Prefix, select Prefix to Filter and enter the IP address/netmask 1.1.1.1/24.
Chapter 10: Routing
303