
Have an issue with routing instances


I need to route a machine on my network to the second IP from my ISP, but I'm having trouble; it doesn't work!!

My scheme is:

 

ISP: ge-0/0/1 
IP: 200.55.125.149 / 200.55.125.153 / 200.55.125.154 / 200.55.125.156
GW: 200.55.125.254

DMZ: ge-0/0/2
IP: 172.16.0.234/24

I need that:
172.16.0.56 --- > 200.55.125.153
172.16.0.57 --- > 200.55.125.222

0.0.0.0/0      ---- > 200.55.125.156

I'm trying it this way, but it doesn't work!

# Set logical interfaces with multiple IP address
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 0 description "IP149"
set interfaces ge-0/0/1 unit 0 vlan-id 20
set interfaces ge-0/0/1 unit 0 family inet address 200.55.125.149/24
set interfaces ge-0/0/1 unit 1 description "IP153"
set interfaces ge-0/0/1 unit 1 vlan-id 21
set interfaces ge-0/0/1 unit 1 family inet address 200.55.125.153/24
set interfaces ge-0/0/1 unit 2 description "IP154"
set interfaces ge-0/0/1 unit 2 vlan-id 22
set interfaces ge-0/0/1 unit 2 family inet address 200.55.125.154/24
set interfaces ge-0/0/1 unit 3 description "IP154"
set interfaces ge-0/0/1 unit 3 vlan-id 23
set interfaces ge-0/0/1 unit 3 family inet address 200.55.125.156/24
set interfaces ge-0/0/1 unit 4 description "IP153"
set interfaces ge-0/0/1 unit 4 vlan-id 24
set interfaces ge-0/0/1 unit 4 family inet address 200.55.125.222/24


# Set the security zones

set security zones security-zone Z-IP149 interfaces ge-0/0/1.0
set security zones security-zone Z-IP153 interfaces ge-0/0/1.1
set security zones security-zone Z-IP154 interfaces ge-0/0/1.2
set security zones security-zone Z-IP156 interfaces ge-0/0/1.3
set security zones security-zone Z-IP222 interfaces ge-0/0/1.4


# Set routing instances

set routing-instances ROUTE-IP149 instance-type forwarding
set routing-instances ROUTE-IP149 routing-options static route 0.0.0.0/0 next-hop 200.55.125.254

set routing-instances ROUTE-IP153 instance-type forwarding
set routing-instances ROUTE-IP153 routing-options static route 0.0.0.0/0 next-hop 200.55.125.254

set routing-instances ROUTE-IP154 instance-type forwarding
set routing-instances ROUTE-IP154 routing-options static route 0.0.0.0/0 next-hop 200.55.125.254

set routing-instances ROUTE-IP156 instance-type forwarding
set routing-instances ROUTE-IP156 routing-options static route 0.0.0.0/0 next-hop 200.55.125.254

set routing-instances ROUTE-IP222 instance-type forwarding
set routing-instances ROUTE-IP222 routing-options static route 0.0.0.0/0 next-hop 200.55.125.254


# Set filter 

set interfaces ge-0/0/2 unit 0 family inet filter input FILTER-IP1
set interfaces ge-0/0/2 unit 0 family inet filter input FILTER-IP2


# Set the rib groups

set routing-options interface-routes rib-group inet IMPORT-PHY
set routing-options rib-groups IMPORT-PHY import-rib inet.0
set routing-options rib-groups IMPORT-PHY import-rib ROUTE-IP149.inet.0
set routing-options rib-groups IMPORT-PHY import-rib ROUTE-IP153.inet.0
set routing-options rib-groups IMPORT-PHY import-rib ROUTE-IP154.inet.0
set routing-options rib-groups IMPORT-PHY import-rib ROUTE-IP156.inet.0
set routing-options rib-groups IMPORT-PHY import-rib ROUTE-IP222.inet.0

 

# Set filter

set firewall filter FILTER-IP1 term 1 from source-address 172.16.0.56/32
set firewall filter FILTER-IP1 term 1 then routing-instance ROUTE-IP153

set firewall filter FILTER-IP1 term 2 from source-address 0.0.0.0/0
set firewall filter FILTER-IP1 term 2 then routing-instance ROUTE-IP156

set firewall filter FILTER-IP2 term 1 from source-address 172.16.0.57/32
set firewall filter FILTER-IP2 term 1 then routing-instance ROUTE-IP222

set firewall filter FILTER-IP2 term 2 from source-address 0.0.0.0/0
set firewall filter FILTER-IP2 term 2 then routing-instance ROUTE-IP156


# accept ping
set security zone security-zone Z-IP153 interface ge-0/0/1.1 host-inbound-traffic system-services ping
set security zone security-zone Z-IP222 interface ge-0/0/1.4 host-inbound-traffic system-services ping

 

# Addresses books

set security zones security-zone DMZ address-book address CLIENTE 172.16.0.56
set security zones security-zone DMZ address-book address PROXY 172.16.0.57

 

# Set access to:

set security policies from-zone DMZ to-zone Z-IP153 policy allow-internal-clients match source-address CLIENTE
set security policies from-zone DMZ to-zone Z-IP153 policy allow-internal-clients match destination-address any
set security policies from-zone DMZ to-zone Z-IP153 policy allow-internal-clients match application any
set security policies from-zone DMZ to-zone Z-IP153 policy allow-internal-clients then permit

set security policies from-zone DMZ to-zone Z-IP222 policy allow-internal-clients match source-address PROXY
set security policies from-zone DMZ to-zone Z-IP222 policy allow-internal-clients match destination-address any
set security policies from-zone DMZ to-zone Z-IP222 policy allow-internal-clients match application any
set security policies from-zone DMZ to-zone Z-IP222 policy allow-internal-clients then permit


### SNAT
set security nat source rule-set DMZ-to-IP153 from zone DMZ
set security nat source rule-set DMZ-to-IP153 to zone Z-IP153
set security nat source rule-set DMZ-to-IP153 rule inet-access match source-address 172.16.0.56
set security nat source rule-set DMZ-to-IP153 rule inet-access match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-to-IP153 rule inet-access then source-nat interface

 

set security nat source rule-set DMZ-to-IP222 from zone DMZ
set security nat source rule-set DMZ-to-IP222 to zone Z-IP222
set security nat source rule-set DMZ-to-IP222 rule inet-access2 match source-address 172.16.0.57
set security nat source rule-set DMZ-to-IP222 rule inet-access2 match destination-address 0.0.0.0/0
set security nat source rule-set DMZ-to-IP222 rule inet-access2 then source-nat interface




What's wrong?
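
An added example, not part of the original post: a Python check over the filter lines posted above that reports which input filter is actually in effect on ge-0/0/2.0 and which routing instance each source address is sent to. It assumes standard Junos behaviour (`filter input` holds one filter name per unit and family, so a second `set` replaces the first, and filter terms are evaluated in order with the first match winning); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the filter-related lines copied from the post above.
CONFIG = """\
set interfaces ge-0/0/2 unit 0 family inet filter input FILTER-IP1
set interfaces ge-0/0/2 unit 0 family inet filter input FILTER-IP2
set firewall filter FILTER-IP1 term 1 from source-address 172.16.0.56/32
set firewall filter FILTER-IP1 term 1 then routing-instance ROUTE-IP153
set firewall filter FILTER-IP1 term 2 from source-address 0.0.0.0/0
set firewall filter FILTER-IP1 term 2 then routing-instance ROUTE-IP156
set firewall filter FILTER-IP2 term 1 from source-address 172.16.0.57/32
set firewall filter FILTER-IP2 term 1 then routing-instance ROUTE-IP222
set firewall filter FILTER-IP2 term 2 from source-address 0.0.0.0/0
set firewall filter FILTER-IP2 term 2 then routing-instance ROUTE-IP156
"""

BIND = re.compile(r"set interfaces (\S+) unit (\d+) family inet filter input (\S+)$")
SRC = re.compile(r"set firewall filter (\S+) term (\S+) from source-address (\S+)$")
INST = re.compile(r"set firewall filter (\S+) term (\S+) then routing-instance (\S+)$")

def parse(config):
    """Return (filter names set per logical interface, terms per filter), both in input order."""
    bindings, filters = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := BIND.match(line):
            bindings.setdefault(f"{m[1]}.{m[2]}", []).append(m[3])
        elif m := SRC.match(line):
            term = filters.setdefault(m[1], {}).setdefault(m[2], {"src": [], "ri": None})
            term["src"].append(ipaddress.ip_network(m[3]))
        elif m := INST.match(line):
            filters.setdefault(m[1], {}).setdefault(m[2], {"src": [], "ri": None})["ri"] = m[3]
    return bindings, filters

def shadowed_filters(config):
    """`filter input` holds one name, so every earlier set on a unit is replaced."""
    return {ifl: names[:-1] for ifl, names in parse(config)[0].items() if len(names) > 1}

def routing_instance_for(config, ifl, src_ip):
    """First-match term evaluation of the effective (last-set) input filter."""
    bindings, filters = parse(config)
    addr = ipaddress.ip_address(src_ip)
    for term in filters[bindings[ifl][-1]].values():
        if not term["src"] or any(addr in net for net in term["src"]):
            return term["ri"]
    return None  # no term matched: implicit discard at the end of a filter

if __name__ == "__main__":
    print(shadowed_filters(CONFIG), routing_instance_for(CONFIG, "ge-0/0/2.0", "172.16.0.56"))
```

For the posted lines it reports FILTER-IP1 as replaced on ge-0/0/2.0, so 172.16.0.56 only matches term 2 of FILTER-IP2 and is sent to ROUTE-IP156 rather than ROUTE-IP153.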

 

