James Rizzitano
asked on
Juniper routing 2 trusted subnets
I am having a routing problem on a Juniper SSG-20. I have recently been running out of IP addresses on my network and wanted to set up a separate subnet for development and test machines. I have 2 interfaces bound to the trust zone: bg0 192.168.34.xxx/24 and 0/3 10.0.34.xxx/24. I can communicate between both subnets without trouble, but only the bg0 interface can connect to the internet. I have 2 WAN interfaces: 1/0, the main high-speed fiber connection, and 4/0, a copper T1 connection for backup.
Below is the Destination routing table. There are policies to allow Any traffic from Trust to Untrust.
trust-vr
  IP/Netmask          Gateway          Interface    Protocol  Preference  Metric  Vsys  Description  Configure
* 10.0.0.0/27                          ethernet0/1  C                             Root               -
* 10.0.0.1/32                          ethernet0/1  H                             Root               -
* 192.168.34.0/24                      bgroup0      C                             Root               -
* 192.168.34.5/32                      bgroup0      H                             Root               -
* 216.211.255.160/28                   ethernet1/0  C                             Root               -
* 216.211.255.162/32                   ethernet1/0  H                             Root               -
* 0.0.0.0/0           216.211.255.161  ethernet1/0  S         20          1       Root
* 10.0.34.0/24                         ethernet0/3  C                             Root               -
* 10.0.34.5/32                         ethernet0/3  H                             Root               -
* 206.166.129.112/28                   ethernet0/4  C                             Root               -
* 206.166.129.114/32                   ethernet0/4  H                             Root               -
  206.166.129.112/28  206.166.129.113  ethernet0/4  S         20          1       Root
Any help would be greatly appreciated.
ASKER
Needed to set the internal interface on my second subnet in the trust zone to NAT; it was incorrectly set to route mode.