Example: Source-Interface-Based Routing (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual
Configuring screenos devices guide
Hide thumbs
Also See for NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01:
- Manual (340 pages) ,
- Administration manual (1026 pages) ,
- Installation manual (244 pages)
Table of Contents
Advertisement
Configuring ScreenOS Devices Guide
Related
Documentation
Example: Source-Interface-Based Routing (NSM Procedure)
310
If the route is not found in the source interface-based routing table and if source-based
routing is enabled, the source-based routing table is checked. If the route is not found in
the source-based routing table, the destination-based routing table is checked.
You define source interface-based routes as static routes on a specific virtual router and
source interface. Source interface-based routes only apply to the virtual router in which
you configure them. For example, you cannot specify another virtual router as the next
hop for a source interface-based route. You also cannot redistribute source
interface-based routes into another virtual router or into a routing protocol.
When configuring SIBR, you must specify the name of the interface in the virtual router
on which the packet arrives, and then set the interface on which the packet is to be
forwarded. This interface can belong to a zone in another virtual router, if that virtual
router is sharable. (Sharable virtual routers are VRs that are accessible by any vsys on
the device. The untrust-vr is, by default, a sharable virtual router, but you can configure
other root-level VRs to be sharable). Next, enter the IP address of the next-hop router in
Gateway. If you have already specified a default gateway for the interface, you do not
need to specify this parameter; the interface's default gateway is used for the source
interface-based route.
You can also configure a metric for the route, if desired. By default, the metric for all SIBR
entries is 1. If there are multiple source interface-based routes with the same prefix, only
the route with the best (lowest) metric is used for route lookup and other routes with
the same prefix are marked as "inactive."
For instructions for configuring virtual router source interface-based route entries, see
the Network and Security Manager Online Help.
Virtual Router General Properties Overview on page 297
Access List Overview on page 298
Route Maps Overview on page 300
Routing Table Entries Overview on page 305
Destination-Based Routes Overview on page 307
Source-Based Routes Overview on page 308
Example: Source-Interface-Based Routing (NSM Procedure) on page 310
In this example, you want to forward traffic from the 10.1.1.0/24 subnetwork to ISP 1, and
forward traffic from the 10.1.2.0/24 subnetwork to ISP 2. You must configure two entries
in the default trust-vr routing table and enable source-based routing. The subnetwork
10.1.1.0/24, with ethernet2/1 as the source interface and ethernet2/3 as the forwarding
interface, uses the ISP 1 router (1.1.1.1) as the next hop; subnetwork 10.1.2.0/24, with
ethernet2/2 as the source interface and ethernet2/4 as the forwarding interface, uses
the ISP 2 router (2.2.2.2) as the next hop.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
