• Status: Solved

Juniper SSG 140 Configuration.

Hello Experts,
We are using two gateways to connect to the external network. We have a different supplier who has a web portal to connect to their accounting systems, but due to the 2 gateways on our side our public IP keeps changing, and they advise us to keep it to one. So in our source routing list, we manually add the internal IP addresses of those accountants who connect to the supplier web portal, and it's working fine. Now there is a similar requirement for the whole company for one more site. We don't want to put 0.0.0.0 to use eth7 as a particular gateway to connect to the internet. We just want to put a routing policy so that if a user goes to www.abc.com they will only connect through that particular gateway. Is this possible?
Regards.
Asked by: ibu1
1 Solution
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Of course. Just use destination routing; however, you will have to resolve site names to IP addresses, as you can't route to dynamic target IPs.
 
ibu1 (System Administrator, Author) commented:
Thanks for the reply. Can you please give an example of when to use destination routing and when to use source routing? According to me, a destination route is used when somebody wants to connect to our network. Below is the example of our destination route. What does it mean?
IP/Netmask    Gateway          Interface
0.0.0.0/0     XX.XXX.XX.XXX    ethernet0/7
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
It is much simpler: If the destination is known, and the source does not matter, you use destination routing (which is the "default" routing applied). Source routing is used if you want a specific source to be routed differently to a specific or unknown target.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
The above destination route is the default route, applied to any unknown target. It says "send all traffic you do not have routes for to gateway xx.xxx.xx.xxx using interface eth0/7".
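A small model of the route selection explained in the replies above, added here as an example and not part of the original thread: source routes match on the sender, destination routes on the receiver, and a per-site host route only covers the addresses the name resolved to when it was entered. All addresses are constructed from documentation ranges, the function names are hypothetical, and checking source routes first is an assumption of this model, not a statement about how this SSG is configured.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not taken from the thread.
GW_DEFAULT = "198.51.100.1"   # gateway used for everything without a better route
GW_FIXED = "203.0.113.1"      # gateway whose public IP the supplier expects

# Source routes: matched on the sender's address.
SOURCE_ROUTES = {
    ipaddress.ip_network("10.0.0.21/32"): GW_FIXED,   # accountant workstation
    ipaddress.ip_network("10.0.0.22/32"): GW_FIXED,   # accountant workstation
}
# Destination routes: matched on the receiver's address.
DEST_ROUTES = {
    ipaddress.ip_network("0.0.0.0/0"): GW_DEFAULT,    # default route
    ipaddress.ip_network("192.0.2.80/32"): GW_FIXED,  # www.abc.com as resolved (constructed)
}

def longest_match(table, addr):
    """Return the gateway of the most specific prefix containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [net for net in table if ip in net]
    if not hits:
        return None
    return table[max(hits, key=lambda net: net.prefixlen)]

def next_hop(src, dst):
    """Pick the egress gateway for the first packet of a new outbound session."""
    # Assumption of this model: a matching source route wins over destination routes.
    return longest_match(SOURCE_ROUTES, src) or longest_match(DEST_ROUTES, dst)

def stale_hosts(resolved_now):
    """List addresses the site resolves to now that have no /32 destination route."""
    routed = {net.network_address for net in DEST_ROUTES if net.prefixlen == 32}
    return sorted(str(ip) for ip in map(ipaddress.ip_address, resolved_now)
                  if ip not in routed)
```

Running `stale_hosts` against a fresh lookup of the site is the check that catches the case Qlemo warns about: an address the site has moved to silently falls back to the default route.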
 
ibu1 (System Administrator, Author) commented:
So if I add www.abc.com to the destination router, that means the traffic from www.abc.com comes through the gateway xx.xxx.xx.xxx using interface eth0/7. But in my question I want to send traffic to this particular site, not receive the traffic.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
No, you are getting that wrong. "Source IP" is always based on the sender, "Destination IP" on the receiver.
 
ibu1 (System Administrator, Author) commented:
Hello,
Not getting what you mentioned above.
Regards.
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
If www.abc.com sends traffic, www.abc.com's IP is the source IP, not the destination IP. Source = from, destination = to. It's really nothing difficult.
 
ibu1 (System Administrator, Author) commented:
So, why do we create destination routing if www.abc.com is the source?
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
"if user goes to www.abc.com"
sounds like www.abc.com being the destination!?
If you are asking how to route the reply, that is different - the stateful firewall on the SSG keeps the state of the session created with the first packet sent to www.abc.com for some time, and that session includes the internal and external address and port information. Routing is not used at that time (the translated destination address, which is internal, is on the interface's subnet).
 
ibu1 (System Administrator, Author) commented:
Is there something missing in your above comment? I mean, is some text missing?
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Nothing missing there. Again, if you go to somewhere, that is the destination. It doesn't matter whether you go from somewhere home (then home is your destination), or from home to somewhere (then somewhere is the destination).
 
ibu1 (System Administrator, Author) commented:
Thanks for the patience in the whole process.
 
ibu1 (System Administrator, Author) commented:
I found a very clear definition for destination and source routing on the Cyberoam site.

1. Destination specific route
Required when:
  • Internal users require access to externally hosted servers
  • Packets for external server should always be routed through a designated gateway and not the default gateway

2. Source based routing
Example:
Mail server hosted internally is used by remote users to send and receive mails and the packets from mail server should explicitly be routed through Gateway 2.
Question has a verified solution.
