->set vrouter "Trust-VR"
->set route 0.0.0.0/0 vrouter "Untrust-VR" preference 20 metric 1
The JUNOS configuration is similar; however, we must create a policy-statement term that imports the Untrust-VR routes into the Trust-VR and then apply it to the Trust-VR, as below:
root@host# set policy-options policy-statement Untrust_to_Trust_Import term Untrust_Route_Import from instance Untrust-VR
root@host# set policy-options policy-statement Untrust_to_Trust_Import term Untrust_Route_Import then accept
root@host# set routing-instances Trust-VR routing-options instance-import Untrust_to_Trust_Import
Finally, we need to actually add a route into the Untrust-VR that will be imported into the Trust-VR using the policy above.
root@host# set routing-instances Untrust-VR routing-options static route 0.0.0.0/0 next-hop 15.243.192.65
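The import term above accepts every route from Untrust-VR. The following narrower variant is an added example, not part of the original post; it leaks only the default route into Trust-VR, and the term names `Default_Only` and `Reject_Rest` are names chosen here for illustration.

```junos
# Added example (not from the original post): import only 0.0.0.0/0
# from Untrust-VR instead of every route in that instance.

# Remove the catch-all term shown earlier on this page.
delete policy-options policy-statement Untrust_to_Trust_Import term Untrust_Route_Import

# Accept only the exact default route learned from Untrust-VR.
set policy-options policy-statement Untrust_to_Trust_Import term Default_Only from instance Untrust-VR
set policy-options policy-statement Untrust_to_Trust_Import term Default_Only from route-filter 0.0.0.0/0 exact
set policy-options policy-statement Untrust_to_Trust_Import term Default_Only then accept

# Explicitly reject anything else so no other Untrust-VR prefix leaks across.
set policy-options policy-statement Untrust_to_Trust_Import term Reject_Rest then reject

# The policy is still applied to Trust-VR exactly as before.
set routing-instances Trust-VR routing-options instance-import Untrust_to_Trust_Import

# After commit, confirm that only the default route appears in Trust-VR.
run show route table Trust-VR.inet.0
```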
Thanks for the help. One question:
What should the next-hop address be?
Where you have 15.243.192.65, is this a loopback address? Pardon my ignorance, this was SO EASY in an SSG!
But, what if I don't have the trust-VR but created zones directly over the flat default inet.0 instance? How do I make one zone created there to go out to the internet through a zone created in the Untrust-VR?
I created a routing instance called Untrust-VR and that's it. I assigned a security zone to it and want traffic from a zone created directly on the srx, not associated to any routing instance, to go to the internet from the zone created on that routing instance Untrust-VR.