Hello,
I'm not a JunOS expert but learning fast; if you could assist, it would be greatly appreciated.
I am setting up an SRX550 to be the gateway for our office, routing traffic between the ISP and AWS. We have an Ethernet Private Line connected to Amazon using BGP, and it is running fine. We have another ISP Ethernet circuit that is connected to the Internet using a private class C of 10.0.4.0/24. The ISP has provided 10.0.4.0/24 with GW 10.0.4.1 and DNS 8.8.8.8. I would like to set up our SRX as our office gateway at 10.0.4.2 such that Amazon traffic is routed via BGP and DNS requests are routed through the SRX (10.0.4.2) and out to the ISP GW (10.0.4.1). Below is my configuration, and it is not working: the workstations connected to the SRX cannot ping one another, nor the SRX (10.0.4.2), nor the ISP GW (10.0.4.1). Thank you in advance for your help.
Vuonge
=======================
system {
    host-name AWSMACRTR;
    root-authentication {
        encrypted-password "XXXXXXXX"; ## SECRET-DATA
    }
    ## Resolvers used by the SRX itself. The DHCP pool below carries no
    ## name-server statement, so clients only receive DNS servers if
    ## propagate-settings supplies them (see the note there).
    name-server {
        8.8.8.8;
        4.2.2.2;
    }
    services {
        dhcp {
            ## Pool covers the whole 10.0.4.0/24 -- the same subnet the ISP
            ## hands off on (default route next-hop 10.0.4.1 under
            ## routing-options) and the subnet of both ge-0/0/0.0 and vlan.1
            ## under interfaces. Two different Layer 2 segments (ISP link and
            ## office VLAN) numbered from one /24 cannot be routed between.
            pool 10.0.4.0/24 {
                address-range low 10.0.4.100 high 10.0.4.200;
                ## Default gateway handed to clients: the SRX's own address.
                router {
                    10.0.4.2;
                }
                ## NOTE(review): propagate-settings normally names the
                ## interface on which the SRX is itself a DHCP client; no DHCP
                ## client is configured in this file and ge-0/0/2 is a Layer 2
                ## switching port -- confirm this is wanted.
                propagate-settings ge-0/0/2;
            }
            ## NOTE(review): ge-0/0/2.3 is not defined under interfaces (only
            ## unit 0 exists) -- looks like a leftover.
            propagate-settings ge-0/0/2.3;
        }
    }
}
interfaces {
    ## NOTE(review): 10.0.4.2/24 is configured on both ge-0/0/0.0 and vlan.1
    ## below. Junos normally rejects (or at least flags) a commit with the
    ## same subnet on two interfaces in one routing instance -- run
    ## "commit check" to confirm. If the commit never applied, nothing in
    ## this file is live, which is consistent with even the SRX address not
    ## answering. The ISP handoff and the office LAN cannot both be
    ## 10.0.4.0/24; give the office a different subnet (vlan.0 already has
    ## 192.168.1.0/24).
    ge-0/0/0 {
        ## Toward the ISP: 10.0.4.1 (default route next-hop) is on this subnet.
        unit 0 {
            family inet {
                address 10.0.4.2/24;
            }
        }
    }
    ge-0/0/1 {
        description "Direct Connect to Amazon";
        ## Tagged sub-interface on VLAN 100; the 1522-byte physical MTU leaves
        ## room for the tag above the 1500-byte IP MTU.
        flexible-vlan-tagging;
        mtu 1522;
        unit 0 {
            vlan-id 100;
            family inet {
                mtu 1500;
                ## NOTE(review): .142/31 pairs with .143, yet the BGP session
                ## under protocols sources from .144 and peers with .145. One
                ## of the two is a transcription error.
                address 54.239.244.142/31;
            }
        }
    }
    ge-0/0/2 {
        description "Internal Trusted Non-Routable Network";
        ## Layer 2 access port; the IP for this segment lives on vlan.1.
        unit 0 {
            family ethernet-switching {
                vlan {
                    members vlan-trust1;
                }
            }
        }
    }
    vlan {
        ## vlan.0: referenced by no security zone, and vlan-trust0 has no
        ## member port, so this address is currently unused.
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
        ## vlan.1: office LAN gateway; duplicates the ge-0/0/0.0 address.
        unit 1 {
            family inet {
                address 10.0.4.2/24;
            }
        }
    }
}
routing-options {
    static {
        ## Default route toward the ISP gateway. With 10.0.4.0/24 on both
        ## ge-0/0/0.0 and vlan.1 it is ambiguous which interface resolves
        ## 10.0.4.1; once only the ISP-facing interface carries that subnet
        ## the next-hop resolves unambiguously.
        route 0.0.0.0/0 next-hop 10.0.4.1;
    }
    ## Private ASN used as the local AS for the EBGP session under protocols.
    autonomous-system 65000;
}
protocols {
    bgp {
        group EBGP {
            type external;
            peer-as 7224;
            ## NOTE(review): local-address 54.239.244.144 is not configured
            ## on any interface in this file -- ge-0/0/1.0 carries
            ## 54.239.244.142/31, whose /31 pairs .142 with .143, not with
            ## neighbor .145. The session cannot source from an address the
            ## box does not own; one of the two values is a transcription
            ## error.
            neighbor 54.239.244.145 {
                local-address 54.239.244.144;
                authentication-key "XXXXXXXX"; ## SECRET-DATA
                ## Only the link /31 is advertised (see EXPORT-DEFAULT). There
                ## is no import policy, so every prefix the peer sends is
                ## installed as-is -- consider an import filter limiting what
                ## enters the routing table.
                export EXPORT-DEFAULT;
            }
        }
    }
    stp;
}
policy-options {
    ## Export policy for the AWS session: advertise only the link /31 and
    ## reject everything else. This works together with the source NAT to
    ## the ge-0/0/1.0 address under security nat, so AWS never needs a route
    ## back to 10.0.4.0/24. The /31 exists as a direct route only if
    ## ge-0/0/1.0 is really numbered from 54.239.244.144/31 (see interfaces).
    policy-statement EXPORT-DEFAULT {
        term DEFAULT {
            from {
                route-filter 54.239.244.144/31 exact;
            }
            then accept;
        }
        term REJECT {
            then reject;
        }
    }
}
security {
    nat {
        source {
            ## Interface NAT from trust to untrust. untrust holds only
            ## ge-0/0/1.0 (Direct Connect), so this hides 10.0.4.0/24 behind
            ## the DX link address for AWS-bound traffic. Internet-bound
            ## traffic leaves via ge-0/0/0.0, which is in trust, and is not
            ## touched by this rule-set.
            rule-set rs1 {
                from zone trust;
                to zone untrust;
                rule r1 {
                    match {
                        source-address 10.0.4.0/24;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        ## Only trust -> untrust (AWS) is permitted. Office-to-Internet flows
        ## enter on vlan.1 and leave on ge-0/0/0.0, both in trust; without a
        ## from-zone trust to-zone trust policy that intra-zone traffic hits
        ## the default deny, so DNS toward 8.8.8.8 cannot pass even once the
        ## addressing is fixed. Cleaner: put ge-0/0/0.0 in its own zone and
        ## write trust -> that-zone policy and NAT rules for it.
        from-zone trust to-zone untrust {
            policy internet-access {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone trust {
            ## NOTE(review): every system service and protocol is accepted on
            ## all trust interfaces, and trust includes ge-0/0/0.0, the
            ## ISP-facing link (the default route next-hop 10.0.4.1 is reached
            ## through it). SRX management is therefore reachable from the ISP
            ## side. Move ge-0/0/0.0 to a separate zone that allows only what
            ## it needs (e.g. ping) and trim this list to the services the
            ## office really uses (dhcp, dns, ping, ssh).
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                vlan.1;
                ge-0/0/0.0;
            }
        }
        security-zone untrust {
            ## untrust-screen is not defined in this excerpt; it is probably
            ## the factory-default screen profile -- confirm it still exists
            ## on the box.
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0;
            }
        }
        ## vlan.0 (192.168.1.1/24) belongs to no zone, so traffic arriving on
        ## it is dropped by the SRX.
    }
}
vlans {
    ## vlan-trust0 has no member port: ge-0/0/2 is the only switching port
    ## and it is a member of vlan-trust1, so vlan.0 / 192.168.1.0/24 is
    ## unreachable as configured.
    vlan-trust0 {
        vlan-id 3;
        l3-interface vlan.0;
    }
    ## Office VLAN: ge-0/0/2 (access) -> vlan.1 at 10.0.4.2/24. Host-to-host
    ## pings inside this VLAN are pure Layer 2 on the switch, so failures
    ## there suggest the commit never applied (see the duplicate 10.0.4.2/24
    ## under interfaces) or clients are not getting DHCP leases.
    vlan-trust1 {
        vlan-id 2;
        l3-interface vlan.1;
    }
}