Dear all,
My PBR configuration is below. I have configured everything as suggested in juniper's documentation. But it's not working as desired. Please help me out to sort out the issue. ge-0/0/0 { unit 0 { description HO-LAN; family inet { address 10.139.1.1/24; fe-0/0/5 { unit 0 { description SUBISU-INTERNET; family inet { address 10.10.10.2/29; fe-0/0/6 { unit 0 { description ADSL; family inet { address 192.168.254.2/24; routing-options { interface-routes { rib-group inet IMPORT-PHY; } static { route 0.0.0.0/0 { next-hop [ 10.10.10.1 1 192.168.254.1 ]; metric 5; } rib-groups { IMPORT-PHY { import-rib [ pbr_fe-0/0/5_static.inet.0 pbr_fe-0/0/6_adsl.inet.0 inet.0 ]; nat { source { rule-set trust-to-untrust { from zone trust; to zone untrust; rule source-nat-rule { match { source-address 0.0.0.0/0; } then { source-nat { interface; rule-set TRUST-TO-WIFI-NAT { from zone trust; to zone WIFI-ZONE; rule wifi-nat { match { source-address 10.139.1.0/24; destination-address 0.0.0.0/0; } then { source-nat { interface; zones { security-zone trust { address-book { address HO-LAN 10.139.1.0/24; } host-inbound-traffic { system-services { all; } protocols { all; } } interfaces { vlan.0 { host-inbound-traffic { system-services { https; ping; ssh; all; } } } ge-0/0/0.0 { host-inbound-traffic { system-services { https; ping; ssh; all; } } } } } security-zone untrust { host-inbound-traffic { system-services { https; ping; ssh; telnet; } protocols { all; } } interfaces { fe-0/0/5.0 { host-inbound-traffic { system-services { ping; https; ssh; telnet; ike; security-zone WIFI-ZONE { interfaces { fe-0/0/6.0 { host-inbound-traffic { system-services { ping; policies { from-zone trust to-zone untrust { policy trust-to-untrust { match { source-address any; destination-address any; application any; } then { permit; } from-zone trust to-zone WIFI-ZONE { policy TRUST-TO-WIFI { match { source-address HO-LAN; destination-address any; application any; } then { permit; } firewall { filter trust-adsl { term TERM1 { from { source-address { 10.139.1.167/32; } } then { routing-instance pbr_fe-0/0/6_adsl; } } term TERM2 { then { routing-instance pbr_fe-0/0/5_static; } } } } routing-instances { pbr_fe-0/0/5_static { instance-type forwarding; routing-options { static { route 0.0.0.0/0 { next-hop 10.10.10.2; qualified-next-hop 192.168.254.1; metric 100; } } } } pbr_fe-0/0/6_adsl { instance-type forwarding; routing-options { static { route 0.0.0.0/24 { qualified-next-hop 192.168.1.1; qualified-next-hop 10.10.10.1 { metric 100; Regards, Bikash Bhattarai Technical Manager Dristi Tech Pvt. Ltd. skype: bkbhattarai mob:+977-9851039710 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp