3 ISP and Failover
palm101 last edited by
I am using SSG140 with 3 ISP, 1 DMZ and 3 LAN.
ISP 1 = 2m/512k ADSL
ISP 2 = 6m/768k ADSL
ISP 3 = 8m/8m Leased line
ISP 1, 2 and 3 will have some traffic (mail and irc) to DMZ.
ISP 2 will be the primary connection but with fail over to ISP 3.
ISP 3 will carry outbound traffic with destination port 2823 but will fail over to ISP 2.
ISP 3 will be endpoint for remote VPN (L2TP over IPSEC).
Any idea what combination of VRouter, Zones will work best with this setup?
jonas-itp last edited by
i will create a new virtual router and then make three default routes with same Preference on that vr. one deafult route to each internet connection
I that case you can use all three interfaces simultaneously.
Use default route through each ISP on you trust-vr, with different preference for control on what interface you are using to forward internet traffic from trust.
You have to use PBR to control traffic with destination port 2823, or use routing as described if traffic to dst-port 2823 are based on specific destinations
hope some of it can be used.
Jonas Ø. Pedersen
Juniper networks specialist
(Juniper - Master of systems Engineering Award 2010)
EX, SSG, SRX, UAC, and SA