Solved

Juniper SSG 140 Configuration.

Posted on 2013-07-02
Last Modified: 2013-07-29
Hello Experts,
We are using two gateways to connect to the external network. We have different suppliers who have a web portal to connect to their accounting systems, but because of the 2 gateways on our side our public IP keeps changing, and they advise us to keep it to one. So in our source routing list, we manually add the internal IP addresses of those accountants who connect to the supplier web portal, and it's working fine. Now there is a similar requirement for the whole company for one more site. We don't want to put 0.0.0.0 to use eth7 as a particular gateway to connect to the internet. We just want to put a routing policy so that if a user goes to www.abc.com they will only connect through that particular gateway. Is this possible?
Regards.
Question by:ibu1
14 Comments
 

Expert Comment

by:Qlemo
ID: 39292817
Of course. Just use destination routing; however, you will have to resolve site names to IP addresses, as you can't route to dynamic target IPs.

Author Comment

by:ibu1
ID: 39292842
Thanks for the reply. Can you please give an example of when to use destination routing and when to use source routing? According to me, a destination route is used when somebody wants to connect to our network. Below is an example of our destination route. What does it mean?
IP/Netmask    Gateway          Interface
0.0.0.0/0     XX.XXX.XX.XXX    ethernet0/7

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 39292946
It is much simpler: If the destination is known, and the source does not matter, you use destination routing (which is the "default" routing applied). Source routing is used if you want a specific source to be routed differently to a specific or unknown target.

Expert Comment

by:Qlemo
ID: 39292961
The above destination route is the default route, applied to any unknown target. It says "send all traffic you do not have routes for to gateway xx.xxx.xx.xxx using interface eth0/7".

Author Comment

by:ibu1
ID: 39293403
So if I add www.abc.com to the destination router, it means the traffic from www.abc.com comes through the gateway xx.xxx.xx.xxx using interface eth0/7. But in my question I want to send traffic to this particular site, not receive the traffic.

Expert Comment

by:Qlemo
ID: 39293772
No, you are getting that wrong. "Source IP" is always based on the sender, "Destination IP" on the receiver.

Author Comment

by:ibu1
ID: 39295946
Hello,
Not getting what you mentioned above.
Regards.

Expert Comment

by:Qlemo
ID: 39296240
If www.abc.com sends traffic, www.abc.com's IP is the source IP, not the destination IP. Source = from, destination = to. It's really nothing difficult.

Author Comment

by:ibu1
ID: 39299329
So, why do we create destination routing if www.abc.com is the source?

Expert Comment

by:Qlemo
ID: 39299344
"if user goes to www.abc.com"
sounds like www.abc.com being the destination!?
If you are asking for how to route the reply, that is different - the stateful firewall on SSG keeps the state of the session created with the first packet sent to www.abc.com for some time, and that session includes the internal and external address and port information. Routing is not used at that time (the translated destination address, which is internal, is on the interface's subnet).

Author Comment

by:ibu1
ID: 39300664
Is there something missing in your above comment? I mean, is some text missing?

Expert Comment

by:Qlemo
ID: 39300796
Nothing missing there. Again, if you go to somewhere, that is the destination. It doesn't matter whether you go from somewhere home (then home is your destination), or from home to somewhere (then somewhere is the destination).

Author Closing Comment

by:ibu1
ID: 39304290
Thanks for the patience in the whole process.

Author Comment

by:ibu1
ID: 39363374
I found a very clear definition for destination and source routing on the Cyberoam site.
1. Destination specific route
Required when:
  • Internal users require access to externally hosted servers
  • Packets for external server should always be routed through a designated gateway and not the default gateway

2. Source based routing
Example:
Mail server hosted internally is used by remote users to send and receive mails and the packets from mail server should explicitly be routed through Gateway 2.
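
Added example, not part of the original thread: a small Python model of the two lookups discussed above (destination routes match on the receiver, source routes on the sender), showing that /32 destination routes for the addresses www.abc.com resolves to send every user's traffic for that site through the designated gateway. All addresses, the ethernet0/0 interface and the source-before-destination lookup order are assumptions; the name-to-IP mapping is constructed and stands in for a DNS lookup.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not values from the thread.
SITE_IPS = {"www.abc.com": ["203.0.113.10", "203.0.113.11"]}  # stands in for DNS
DEFAULT_GW = ("ethernet0/0", "198.51.100.1")  # hypothetical default path
PINNED_GW = ("ethernet0/7", "192.0.2.1")      # hypothetical designated gateway


def host_routes(site, gw):
    """Destination routes: one /32 per address the site name resolves to."""
    return [(ipaddress.ip_network(ip + "/32"), gw) for ip in SITE_IPS[site]]


def longest_match(table, addr):
    """Gateway of the most specific prefix containing addr, or None."""
    hits = [(net.prefixlen, gw) for net, gw in table if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None


def next_hop(src, dst, source_routes, dest_routes):
    """Source routes match on the sender, destination routes on the receiver.
    Assumption: the source table is consulted first, then the destination table."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return longest_match(source_routes, src) or longest_match(dest_routes, dst)


def screenos_commands(site, gw):
    """Render the host routes as ScreenOS static-route lines for review."""
    return [f"set route {net} interface {gw[0]} gateway {gw[1]}"
            for net, _ in host_routes(site, gw)]


# Default route plus host routes for the site: every user reaches it via PINNED_GW.
DEST_ROUTES = ([(ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW)]
               + host_routes("www.abc.com", PINNED_GW))
# The question's existing approach: one accountant pinned by source address.
SOURCE_ROUTES = [(ipaddress.ip_network("10.0.0.25/32"), PINNED_GW)]

if __name__ == "__main__":
    for src, dst in [("10.0.0.80", "203.0.113.10"),    # any user -> site
                     ("10.0.0.80", "198.51.100.77"),   # any user -> elsewhere
                     ("10.0.0.25", "198.51.100.77")]:  # pinned user -> elsewhere
        print(src, "->", dst, "via", next_hop(src, dst, SOURCE_ROUTES, DEST_ROUTES))
    print("\n".join(screenos_commands("www.abc.com", PINNED_GW)))
```

Because the host routes are tied to resolved addresses, they have to be regenerated whenever the site's DNS records change.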
Question has a verified solution.
