Sorry if this is a repeat post but it looks like the first one did not go through.
I have recently been working on a migration from a Cisco (6509) to a Juniper (EX4200) environment, and we have a policy-based route in the Cisco environment that I am having a hard time replicating.

I have 3 options for the policy route, which is for our user segments; all others don't go through it and follow the regular routing table. If you are going to our DMZ, go out our DMZ backend firewall. If you are staying on the local network, follow the general routing table. If you are going to the Internet, go to our proxy / web filter.

Below is what I have in the switch right now. When I do a show route 1.2.3.3, for example, it will show the static route of 2.2.2.2 and the Firewall.inet.0 route of 10.10.1.11, but never the DMZ.inet.0 route (which is what I want it to follow). I'm sure I'm not understanding something here correctly, so any assistance would be appreciated. Config is below.

Thanks,
Joe

    routing-options {
        interface-routes {
            rib-group inet FWProxy;
        }
        static {
            route 1.2.3.0/25 next-hop 2.2.2.2;
        }
        rib-groups {
            FWProxy {
                import-rib [ inet.0 Firewall.inet.0 DMZ.inet.0 ];
            }
        }
    }
    routing-instances {
        DMZ {
            instance-type forwarding;
            routing-options {
                static {
                    route 1.2.3.0/25 next-hop 172.16.9.28;
                }
            }
        }
        Firewall {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 10.10.1.11;
                }
            }
        }
    }
    firewall {
        family inet {
            filter Firewall-Proxy {
                term 1 {
                    from {
                        destination-address {
                            10.0.0.0/8;
                            172.16.0.0/16;
                            192.168.0.0/16;
                        }
                    }
                    then {
                        count InternalCount;
                        accept;
                    }
                }
                term 2 {
                    from {
                        destination-address {
                            1.2.3.0/25;
                        }
                    }
                    then {
                        count DMZCount;
                        routing-instance DMZ;
                    }
                }
                term 3 {
                    then {
                        count ProxyCount;
                        routing-instance Firewall;
                    }
                }
            }
        }
    }

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
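Added example, not part of the original post: a small Python model of the forwarding decision the posted filter is meant to make (first matching term picks the table, then longest-prefix match inside that table), useful for checking which destinations are steered to the DMZ firewall or the proxy. The table contents are copied from the posted static routes only; interface routes are not modelled, and the function names are hypothetical.

```python
import ipaddress

# Constructed model of the posted config: static routes per table (prefix -> next hop).
TABLES = {
    "inet.0": {"1.2.3.0/25": "2.2.2.2"},
    "DMZ.inet.0": {"1.2.3.0/25": "172.16.9.28"},
    "Firewall.inet.0": {"0.0.0.0/0": "10.10.1.11"},
}

# Terms of filter Firewall-Proxy in order: (term, destinations, counter, table used).
# An empty destination list means the term has no "from" clause and matches everything.
# Note 172.16.0.0/16 is taken as posted; the RFC 1918 block is 172.16.0.0/12.
TERMS = [
    ("1", ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/16"], "InternalCount", "inet.0"),
    ("2", ["1.2.3.0/25"], "DMZCount", "DMZ.inet.0"),
    ("3", [], "ProxyCount", "Firewall.inet.0"),
]

def lookup(table, dst):
    """Longest-prefix match of dst in one table; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in TABLES[table].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def classify(dst):
    """First matching term wins; returns (term, counter, table, next_hop)."""
    addr = ipaddress.ip_address(dst)
    for term, prefixes, counter, table in TERMS:
        if not prefixes or any(addr in ipaddress.ip_network(p) for p in prefixes):
            return term, counter, table, lookup(table, dst)
    return None  # not reached with this filter: term 3 matches everything

def all_tables(dst):
    """Every modelled table that holds a matching route for dst."""
    return {t: nh for t in TABLES if (nh := lookup(t, dst)) is not None}

if __name__ == "__main__":
    for dst in ("1.2.3.3", "1.2.3.200", "10.1.1.1", "172.20.1.1", "8.8.8.8"):
        print(dst, classify(dst))
```

In this model 172.20.1.1 falls through to term 3 because the filter lists 172.16.0.0/16, so it is sent to the proxy rather than treated as internal.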