For When You Can't Have The Real Thing

Specifying Interface In Route Statements

Created by dave. Last edited by dave, 6 years and 85 days ago. Viewed 1,308 times. #1
(19 September 2012)

Question

Given something like:

unset flow reverse-route clear-text
set interface "ethernet0/0" zone "Trust" 
set interface ethernet0/0 ip 192.168.1.1/24 
set interface ethernet0/0 nat 
set interface ethernet0/0 ip manageable 
set interface ethernet0/3 zone untrust 
set interface ethernet0/2 ip 10.0.0.1/24 
set interface ethernet0/3 ip 10.0.1.1/24 
set interface ethernet0/2 mip 10.0.0.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr
set interface ethernet0/3 mip 10.0.1.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr

is there a difference between:

set route 0.0.0.0/0 gateway 10.0.0.254
set route 0.0.0.0/0 gateway 10.0.1.254

and:

set route 0.0.0.0/0 interface ethernet0/0 gateway 10.0.0.254
set route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.1.254

...i.e., is there a point to including the "interface" specifier in the route command?

Answer

The routes without an interface are called gateway tracking routes. For these routes the firewall will do a recursive route lookup. Such routes take the best exit interface.

These gateway tracking routes are not synced in NSRP, and you have to define them manually on both peers.

(Source: my question asked here)
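
One way to audit a saved configuration for the distinction the answer draws, added here as an example and not part of the original page or any ScreenOS tool: it lists routes without an interface (which, per the answer, must be defined by hand on both NSRP peers) and checks that an interface-bound route's gateway sits on that interface's configured subnet. The helper name audit_routes, the subnet check and the connected-subnet match used to approximate the recursive lookup are assumptions.

```python
import ipaddress
import re

# Constructed sample: interface and route lines taken from the question above.
SAMPLE = """\
set interface "ethernet0/0" zone "Trust"
set interface ethernet0/0 ip 192.168.1.1/24
set interface ethernet0/0 ip manageable
set interface ethernet0/2 ip 10.0.0.1/24
set interface ethernet0/3 ip 10.0.1.1/24
set route 0.0.0.0/0 gateway 10.0.0.254
set route 0.0.0.0/0 gateway 10.0.1.254
set route 0.0.0.0/0 interface ethernet0/0 gateway 10.0.0.254
set route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.1.254
"""

IFACE_IP = re.compile(r'^set interface "?([\w/.]+)"? ip (\d+(?:\.\d+){3}/\d+)$')
ROUTE = re.compile(r'^set route (\S+)(?: interface "?([\w/.]+)"?)? gateway (\S+)')


def audit_routes(config):
    """Classify each static route; hypothetical helper, not a ScreenOS tool."""
    lines = [line.strip() for line in config.splitlines()]
    # Interface name -> directly connected network, from "set interface X ip A/M".
    connected = {}
    for line in lines:
        m = IFACE_IP.match(line)
        if m:
            connected[m.group(1)] = ipaddress.ip_interface(m.group(2)).network
    findings = []
    for line in lines:
        m = ROUTE.match(line)
        if not m:
            continue
        prefix, iface, gw = m.group(1), m.group(2), ipaddress.ip_address(m.group(3))
        # Assumption: approximate the recursive lookup by a connected-subnet match.
        via = sorted(name for name, net in connected.items() if gw in net)
        if iface is None:
            kind = "gateway-tracking"    # per the answer: define manually on both NSRP peers
        elif iface in via:
            kind = "interface-bound"
        else:
            kind = "interface-mismatch"  # gateway is not on the named interface's subnet
        findings.append({"prefix": prefix, "gateway": str(gw), "interface": iface,
                         "resolves_via": via, "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in audit_routes(SAMPLE):
        print(finding)
```

On the question's own lines both interface-bound routes are reported as interface-mismatch, because the configuration puts 10.0.0.1/24 and 10.0.1.1/24 on ethernet0/2 and ethernet0/3 rather than on ethernet0/0 and ethernet0/1.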
