Routing Problem

I have a Juniper SSG 140 which has our ethernet internet circuit on the untrust interface and our local network on the trust interface

I need to add an ADSL connection to another interface, which I have done, and created a new zone for that, call it 'ADSL' for argument's sake

With the ethernet circuit when I first set it up I had to manually set the default route

When the ADSL comes online and it dials the PPP it automatically adds a default route into the routing table. Because it is a connected route it takes precedence over my static route for the ethernet circuit, which causes us a few problems

Is there any way I can stop it from putting this route in? If not, then if I change the preference of the static route I created to 0, will that resolve the issue?

Thanks
 
You could try PBR and sending all the required traffic back over the first route?

I had this problem very recently with a PPPoA connection from a SpeedTouch which had to be DHCP; because of that it overrides the default route, so we had to disable the second line and order a proper IP range.

Am I right in thinking you can't remove the route that's created by the dialup interface?
 
Spoon, exactly right: because the route is automatically created, the option to remove it is not available

PBR seems to be the only option but I have never configured it and can't help but think it's not the right method
 
Looks like this might be a solution:

"Tackling the “connected preference=0” problem
As explained earlier in this post, a connected default route has a preference of 0. You can change the preference value in the vrouter, but that is not a good idea because it will have an impact on all connected subnets, and it may make your routing configuration much more complex. (suppose you change the connected preference to a value that is higher than one of the other routes in your routing table, you may break access to the local subnets)

But what if you have 2 default gateways, one of them being a connected and another one let’s say a static one; and you want to prefer the static one over the connected one ? Well, it’s quite simple.

Put the interface that has the connected default route in a separate vrouter, and export the default gateway from that new vrouter to your trust vrouter. You can change the preference for imported routes (or exported routes if you choose to export the default route from the new vr to the trust vr) in the trust vr, which means that you can force the connected default route to become the second preferred default route."
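
The preference logic in the quoted passage, as an added example that is not part of the thread or Juniper's code: a simplified Python model of per-vrouter route selection. The interface and next-hop names, the static preference of 20 and the import preference of 30 are assumptions; only the connected preference of 0 comes from the text.

```python
import ipaddress
from dataclasses import dataclass

# Assumed defaults: the thread states connected = 0; static = 20 is an assumption.
DEFAULT_PREF = {"connected": 0, "static": 20}

@dataclass(frozen=True)
class Route:
    prefix: str
    via: str
    source: str
    preference: int

class VRouter:
    def __init__(self, name, pref_overrides=None):
        self.name = name
        self.pref = {**DEFAULT_PREF, **(pref_overrides or {})}
        self.routes = []

    def add(self, prefix, via, source, preference=None):
        pref = self.pref[source] if preference is None else preference
        self.routes.append(Route(prefix, via, source, pref))

    def import_from(self, other, prefix, preference):
        # Copy another vrouter's routes for one prefix, setting the preference on import.
        for r in other.routes:
            if r.prefix == prefix:
                self.add(prefix, f"{other.name}:{r.via}", "imported", preference)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in ipaddress.ip_network(r.prefix)]
        # Longest prefix wins; among equal prefixes the lowest preference wins.
        key = lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.preference)
        return min(hits, key=key) if hits else None

def single_vrouter():
    vr = VRouter("trust-vr")
    vr.add("0.0.0.0/0", "ethernet-circuit", "static")
    vr.add("0.0.0.0/0", "adsl-ppp", "connected")  # added when PPP comes up
    return vr.lookup("203.0.113.9").via

def split_vrouters(ethernet_up=True):
    adsl = VRouter("adsl-vr")
    adsl.add("0.0.0.0/0", "adsl-ppp", "connected")
    trust = VRouter("trust-vr")
    if ethernet_up:
        trust.add("0.0.0.0/0", "ethernet-circuit", "static")
    trust.import_from(adsl, "0.0.0.0/0", preference=30)  # worse than static
    return trust.lookup("203.0.113.9").via

def raised_connected_preference():
    # The quoted caveat: raising "connected" globally also demotes local subnets.
    vr = VRouter("trust-vr", {"connected": 30})
    vr.add("192.168.1.0/24", "trust-interface", "connected")
    vr.add("192.168.1.0/24", "static-next-hop", "static")
    return vr.lookup("192.168.1.50").via
```

With both defaults in one vrouter the ADSL route wins; with the ADSL interface in its own vrouter the static route wins and the imported route only takes over when the static one is absent.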
 
This may be a stupid question, but will I actually need to import the default route for the ADSL into my trust-vr?

Given that the ADSL connection only ever receives data and is not used for outbound comms

Just saves me getting involved in the route map stuff that I haven't used before, especially as the firewall is in a live environment
 
Try it without, I imagine you will as it won't be able to route properly but I'm by no means an expert.
 