Hi guys,
I'm not able to configure source-based routing and it's driving me crazy!
Scenario: I have 2 IPSec tunnels, st0.1 and st0.2; the remote local address on both ends is the same, 10.70.78.0/23.
I want to make the SRX route the packets based on the source address, so:
- Traffic coming from 10.210.241.0/24 should be routed to st0.1
- Traffic coming from 10.210.225.0/24 should be routed to st0.2
The physical interface on my SRX receiving the traffic is reth0.
This is the current configuration:
## INTERFACE reth0 config:
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                filter {
                    input TEST_SRC_Routing;
                }
                address 10.210.225.190/28;
            }
        }
    }
## FILTER configuration:
    {primary:node1}[edit firewall]
    root@FIREWALL# show
    filter TEST_SRC_Routing {
        term t1 {
            from {
                source-address {
                    10.210.241.0/24;
                }
            }
            then {
                routing-instance Test_STG_RoutingInstance;
            }
        }
        term t2 {
            from {
                source-address {
                    10.210.225.0/24;
                }
            }
            then {
                routing-instance Test_PROD_RoutingInstance;
            }
        }
    }
    filter other {
        term default {
            then accept;
        }
    }
## Routing Instances configuration:
    {primary:node1}[edit routing-instances]
    root@FIREWALL# show
    Test_PROD_RoutingInstance {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop st0.2;
            }
        }
    }
    Test_STG_RoutingInstance {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop st0.1;
            }
        }
    }
## Finally, the rib-options:
    {primary:node1}[edit routing-options]
    root@FIREWALL# show
    interface-routes {
        rib-group inet rib_group_test;
    }
    static {
        route 10.234.18.0/23 next-hop 10.101.1.254;
        route 0.0.0.0/0 next-hop 85.159.122.1;
        route 192.168.254.0/24 next-hop 10.101.1.254;
    }
    rib-groups {
        rib_group_Test {
            import-rib [ inet.0 Test_PROD_RoutingInstance.inet.0 Test_STG_RoutingInstance.inet.0 ];
        }
    }
Any help?
Thanks!!!