Hello Juniper Experts,
I hope you can help me out.
I have the following issue :
When i am using routing-instances for multiple isp connections the routing will fail
when i create a very simple config like below it is functioning perfectly. I can ping without any issue to some test ip addresses out of the srx through gateway 1.1.1.6
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.1/29 set interfaces fe-0/0/1 unit 0 family inet address 2.2.2.1/29 set interfaces fe-0/0/5 unit 0 family inet address 192.168.10.254/24 set routing-options static route 0.0.0.0/0 next-hop 1.1.1.6 set routing-options static route 0.0.0.0/0 qualified-next-hop 2.2.2.6 metric 100 set security nat source rule-set SR_SET_1 from zone Internal set security nat source rule-set SR_SET_1 to zone Ziggo set security nat source rule-set SR_SET_1 rule rule1 match source-address 192.168.10.0/24 set security nat source rule-set SR_SET_1 rule rule1 match destination-address 0.0.0.0/0 set security nat source rule-set SR_SET_1 rule rule1 then source-nat interface set security policies default-policy permit-all set security zones security-zone Ziggo interfaces fe-0/0/0.0 set security zones security-zone Dsl interfaces fe-0/0/1.0 set security zones security-zone Internal interfaces fe-0/0/5.0 host-inbound-traffic system-services all
When i rebuild this configuration to the one below i cannot ping and resolve any addresses anymore from zone Internal.
set system root-authentication encrypted-password "$1$6PIUAbCK$9dE2nK8ISxPzk/GbNhdw30" set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.1/29 set interfaces fe-0/0/1 unit 0 family inet address 2.2.2.1/29 set interfaces fe-0/0/5 unit 0 family inet address 192.168.10.254/24 set routing-options interface-routes rib-group inet isp set routing-options rib-groups isp import-rib inet.0 set routing-options rib-groups isp import-rib isp1.inet.0 set routing-options rib-groups isp import-rib isp2.inet.0 set security nat source rule-set SR_SET_1 from zone Internal set security nat source rule-set SR_SET_1 to zone Ziggo set security nat source rule-set SR_SET_1 rule rule1 match source-address 192.168.10.0/24 set security nat source rule-set SR_SET_1 rule rule1 match destination-address 0.0.0.0/0 set security nat source rule-set SR_SET_1 rule rule1 then source-nat interface set security policies default-policy permit-all set security zones security-zone Ziggo interfaces fe-0/0/0.0 set security zones security-zone Dsl interfaces fe-0/0/1.0 set security zones security-zone Internal interfaces fe-0/0/5.0 host-inbound-traffic system-services all set routing-instances isp1 instance-type virtual-router set routing-instances isp1 interface fe-0/0/0.0 set routing-instances isp1 routing-options static route 0.0.0.0/0 next-hop 1.1.1.6 set routing-instances isp1 routing-options static route 192.168.10.0/24 next-table inet.0 set routing-instances isp2 instance-type virtual-router set routing-instances isp2 interface fe-0/0/1.0 set routing-instances isp2 routing-options static route 0.0.0.0/0 next-hop 2.2.2.6 set routing-instances isp2 routing-options static route 192.168.10.0/24 next-table inet.0
Do you have any idea and/or suggestions ?
Regards,
Robbert