That's going to be required too, I forgot about that

On Nov 3, 2010, at 14:07 , OBrien, Will wrote:

> Do you have an intrazone policy? Trust to trust, allow all for example.
>
> Sent from my iPad
>
> On Nov 3, 2010, at 1:04 PM, "Paul Stewart" <p...@paulstewart.org> wrote:
>
>> Thanks... yeah, pretty much.
>>
>> We installed the static route and were unable to reach anything on the
>> 172.30.200.0/24 network from a machine in the 192.168.20.0/24 subnet. On
>> that actual machine (Windows 7) we installed a route in Windows and were
>> able to communicate no problem (bypassing the route statement on the SRX).
>>
>> This seems to imply that by using a default route you can't take traffic
>> into an interface and route it back out the SAME interface - an issue we
>> used to face on the Cisco PIX boxes at one time.
>>
>> Looking for a workaround to this - our solution at this point is to bring
>> the 192.168.20.121 device (which is a VPN appliance that connects us to our
>> billing platforms) in via a subnet on a directly connected interface. The
>> downside to this is that it involves some routing changes on the VPN portion
>> which we're trying to avoid as it involves a third party.
>>
>> Literally on the Cisco 2800 in place it's "ip route 172.30.200.0
>> 255.255.255.0 192.168.20.121". On the SRX we have "set routing-options
>> static route 172.30.200.0/24 next-hop 192.168.20.121".
>>
>> Thanks,
>>
>> Paul
>>
>> -----Original Message-----
>> From: Michael Damkot [mailto:mdamkot...@gmail.com]
>> Sent: Wednesday, November 03, 2010 1:55 PM
>> To: Paul Stewart
>> Cc: juniper-nsp@puck.nether.net
>> Subject: Re: [j-nsp] Static Routing - SRX
>>
>> Paul-
>>
>> Just to make sure I'm tracking correctly, you've tried installing a static
>> route and it didn't work?
>>
>> On Nov 3, 2010, at 11:48 , Paul Stewart wrote:
>>
>>> Hi there.
>>>
>>> Can anyone give any suggestion/guidance on the following.
>>>
>>> I'm trying to do a static route *out* the same interface that the traffic
>>> came *in* on. This is on an SRX-240
>>>
>>> Here are the details:
>>>
>>> "Private": 192.168.20.0/24
>>>
>>> "Public": 216.168.x.x/32
>>>
>>> Static route: 172.30.200.0/24 to <gateway - 192.168.20.224> to
>>> 192.168.20.121
>>>
>>> 192.168.20.121 is the IP on a VPN appliance.
>>>
>>> Traffic from a client computer never gets routed to the VPN appliance. This
>>> works on a Cisco 2800 without a problem, but I can't get it working on the
>>> SRX.
>>>
>>> So, to walk this through a bit more - a computer sitting on the 192.168.20.0
>>> subnet has a default gateway of 192.168.20.224. We want a route on the SRX
>>> that routes any traffic coming into 192.168.20.224 that is destined to
>>> 172.30.200.0/24 to be sent to 192.168.20.121. In Cisco 2800 it's just a
>>> static route.
>>>
>>> Ran across this challenge in the Cisco PIX world as well..
>>>
>>> Thanks for any input..
>>>
>>> Paul
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
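
Added illustration, not part of the thread and not any poster's configuration: the intrazone policy suggested above, written as Junos set commands, with the allow-all form next to a narrower one that permits only traffic toward the statically routed prefix. The zone name trust for the 192.168.20.0/24 interface, the policy names, the address-book entry name and the zone-attached address-book syntax are assumptions.

```junos
# Static route quoted in the thread
set routing-options static route 172.30.200.0/24 next-hop 192.168.20.121

# Option A: allow-all intrazone policy, as suggested in the thread
# (policy name "intrazone-any" is hypothetical)
set security policies from-zone trust to-zone trust policy intrazone-any match source-address any destination-address any application any
set security policies from-zone trust to-zone trust policy intrazone-any then permit

# Option B: narrower alternative that permits only traffic toward the
# routed prefix and logs session creation
# (names "billing-net" and "to-billing-net" are hypothetical)
set security zones security-zone trust address-book address billing-net 172.30.200.0/24
set security policies from-zone trust to-zone trust policy to-billing-net match source-address any destination-address billing-net application any
set security policies from-zone trust to-zone trust policy to-billing-net then permit
set security policies from-zone trust to-zone trust policy to-billing-net then log session-init
```

Use either option A or option B, not both; after commit, "show security flow session destination-prefix 172.30.200.0/24" shows whether sessions toward the VPN appliance are being created.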