Juniper SRX destination NAT with multiple ISPs

Staunchy Member Posts: 180
Hi,

I was wondering if anyone here has implemented destination NAT with multiple ISPs on an SRX with a default route for traffic from internal to outbound pointing to only 1 ISP?

So far the only way I managed to get this to work is to have default routes with the same preference pointing to all 4 ISPs and export all 4 default routes to the forwarding table. All the interfaces are in the same security zone with destination NAT, and I then use routing-instances type forwarding to force traffic from internal to outbound over ISP 1, but I feel this way is clunky.
2016 Goals: CCNP R&S, CCNA Security, CCNP Security

Comments

  • zoidberg Member Posts: 365
    Can you explain your routing-instance configuration? How many are you using, what are they there for, etc?

    Are all the ISPs in the same routing-instance? Same zone or different zones?

    It sounds like you're exporting 4 default routes into the forwarding-table. This is normally used for load balancing. Is this what you're trying to accomplish? Because it sounds like even though you have 4 routes out, you want to force all traffic to use a single route out. If that's the case, could you just adjust the route metrics to prefer the ISP 1 route? Or is that solution causing an issue with return traffic coming from the other ISPs?