3 ISP and Failover

  • I am using SSG140 with 3 ISP, 1 DMZ and 3 LAN.
    ISP 1 = 2m/512k ADSL
    ISP 2 = 6m/768k ADSL
    ISP 3 = 8m/8m Leased line

    ISP 1, 2 and 3 will have some traffic (mail and irc) to DMZ.
    ISP 2 will be the primary connection but with fail over to ISP 3.
    ISP 3 will carry outbound traffic with destination port 2823 but will fail over to ISP 2.
    ISP 3 will be endpoint for remote VPN (L2TP over IPSEC).

    Any idea what combination of VRouter, Zones will work best with this setup?

  • hi.

    Nice ;o)

    i will create a new virtual router and then make three default routes with same Preference on that vr. one deafult route to each internet connection
    I that case you can use all three interfaces simultaneously.

    Use default route through each ISP on you trust-vr, with different preference for control on what interface you are using to forward internet traffic from trust.

    You have to use PBR to control traffic with destination port 2823, or use routing as described if traffic to dst-port 2823 are based on specific destinations

    hope some of it can be used.

    Best regards
    Jonas Ø. Pedersen

    Juniper networks specialist
    (Juniper - Master of systems Engineering Award 2010)
    EX, SSG, SRX, UAC, and SA

    www.itplaneten.dk / www.jnpr.dk