Joe,

Can you post your Cisco PBR statements? The ACLs and route-maps, please.

Chris

> Sorry if this is a repeat post but it looks like the first one did not
> go through.
>
> I have recently been working on migration from a Cisco (6509) to
> Juniper (EX4200) environment and we have a policy based route in the
> Cisco environment that I am having a hard time replicating.
>
> I have 3 options for the policy route which is for our user segments,
> all others don't go through follow the regular routing table. If you
> are going to our DMZ go out our DMZ backend firewall. If you are
> staying on the local network follow the general routing table, if you
> are going to the Internet go to our proxy / web filter.
>
> Below is what I have in the switch right now. When I do a show route
> 1.2.3.3 for example it will show the static route of 2.2.2.2 and the
> Firewall.inet.0 route of 10.10.1.11 but never the DMZ.inet.0 route
> (which is what I want it to follow). I'm sure I'm not understanding
> something here correctly so any assistance would be appreciated.
> Config is below.
>
> Thanks,
>
> Joe
>
> routing-options {
>     interface-routes {
>         rib-group inet FWProxy;
>     }
>     static {
>         route 1.2.3.0/25 next-hop 2.2.2.2;
>     }
>     rib-groups {
>         FWProxy {
>             import-rib [ inet.0 Firewall.inet.0 DMZ.inet.0 ];
>         }
>     }
> }
>
> routing-instances {
>     DMZ {
>         instance-type forwarding;
>         routing-options {
>             static {
>                 route 1.2.3.0/25 next-hop 172.16.9.28;
>             }
>         }
>     }
>     Firewall {
>         instance-type forwarding;
>         routing-options {
>             static {
>                 route 0.0.0.0/0 next-hop 10.10.1.11;
>             }
>         }
>     }
> }
>
> firewall {
>     family inet {
>         filter Firewall-Proxy {
>             term 1 {
>                 from {
>                     destination-address {
>                         10.0.0.0/8;
>                         172.16.0.0/16;
>                         192.168.0.0/16;
>                     }
>                 }
>                 then {
>                     count InternalCount;
>                     accept;
>                 }
>             }
>             term 2 {
>                 from {
>                     destination-address {
>                         1.2.3.0/25;
>                     }
>                 }
>                 then {
>                     count DMZCount;
>                     routing-instance DMZ;
>                 }
>             }
>             term 3 {
>                 then {
>                     count ProxyCount;
>                     routing-instance Firewall;
>                 }
>             }
>         }
>     }
> }
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
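
Added example, not part of the original thread or anyone's posted code: a small Python model of the three-way policy in the quoted config, showing which filter term a destination hits first and which static route the selected table then offers. The prefixes and next hops are copied from the post; the function names and the table layout are hypothetical, and only the static routes shown in the post are modelled (interface routes are not).

```python
import ipaddress

# Terms and static routes copied from the posted config. The names below
# (FILTER_TERMS, match_term, ...) are hypothetical modelling, not Junos APIs.
FILTER_TERMS = [
    ("term 1", ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/16"], "inet.0"),
    ("term 2", ["1.2.3.0/25"], "DMZ.inet.0"),
    ("term 3", [], "Firewall.inet.0"),  # no "from" clause: matches everything
]
STATIC_ROUTES = {
    "inet.0": {"1.2.3.0/25": "2.2.2.2"},
    "DMZ.inet.0": {"1.2.3.0/25": "172.16.9.28"},
    "Firewall.inet.0": {"0.0.0.0/0": "10.10.1.11"},
}

def match_term(dst):
    """Return (term, table) for the first term whose prefixes contain dst."""
    addr = ipaddress.ip_address(dst)
    for name, prefixes, table in FILTER_TERMS:
        if not prefixes or any(addr in ipaddress.ip_network(p) for p in prefixes):
            return name, table
    return None, None  # a filter with no matching term ends in an implicit discard

def longest_match(table, dst):
    """Longest-prefix match over the static routes modelled for one table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh)
            for p, nh in STATIC_ROUTES[table].items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def intended_next_hop(dst):
    """Term hit, table selected, and the static next hop that table offers."""
    term, table = match_term(dst)
    if table is None:
        return None, None, None
    return term, table, longest_match(table, dst)

if __name__ == "__main__":
    # Constructed sample destinations. 172.17.0.1 lies outside 172.16.0.0/16
    # as posted, so it falls through to term 3.
    for dst in ("1.2.3.3", "10.20.30.40", "172.16.9.28", "172.17.0.1", "8.8.8.8"):
        print(dst, intended_next_hop(dst))
```
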