Hello friends ; We have an MX80 router which has connection on ae0 to our isp
root@mx80-core# show interfaces ae0 aggregated-ether-options { minimum-links 1; lacp { active; periodic fast; } } unit 0 { family inet { filter { input FWDirect; } address 10.32.35.14/30; } } [edit] root@mx80-core# show firewall filter FWDirect { term UDPFW { from { destination-address { 185.9.159.86/32; } protocol udp; } then { log; routing-instance UDP-Routes; } } term TCPFW { from { destination-address { 185.9.159.86/32; } } then { count TCPFWTR; log; routing-instance TCP-Routes; } } term Default { then accept; } } [edit] root@mx80-core# show routing-instances Normal-Routes { instance-type virtual-router; } TCP-Routes { instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop 37.123.100.122; } } } UDP-Routes { instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop 37.123.100.98; } } } [edit] root@mx80-core# show protocols ospf rib-group SPD-Route; area 0.0.0.0 { interface all; interface ae0.0 { disable; } } [edit] root@mx80-core# show routing-options rib-groups SPD-Route { import-rib [ inet.0 UDP-Routes.inet.0 TCP-Routes.inet.0 ]; } [edit] root@mx80-core# The router has connection to routing instance ip addresses and logging the connections : root@mx80-core# run ping 37.123.100.122 PING 37.123.100.122 (37.123.100.122): 56 data bytes 64 bytes from 37.123.100.122: icmp_seq=0 ttl=64 time=1.194 ms 64 bytes from 37.123.100.122: icmp_seq=1 ttl=64 time=0.956 ms ^C --- 37.123.100.122 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.956/1.075/1.194/0.119 ms [edit] root@mx80-core# run ping 37.123.100.98 PING 37.123.100.98 (37.123.100.98): 56 data bytes 64 bytes from 37.123.100.98: icmp_seq=0 ttl=64 time=0.490 ms 64 bytes from 37.123.100.98: icmp_seq=1 ttl=64 time=8.739 ms 64 bytes from 37.123.100.98: icmp_seq=2 ttl=64 time=0.422 ms ^C --- 37.123.100.98 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.422/3.217/8.739/3.905 ms [edit] root@mx80-core# run show firewall log Log : Time Filter Action Interface Protocol Src Addr Dest Addr 08:44:20 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:19 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:18 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:17 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:16 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:15 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:14 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:13 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:12 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:11 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:10 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 08:44:09 pfe A ae0.0 ICMP 212.174.232.182 185.9.159.86 but we can not access from outside the network : Request timeout for icmp_seq 14714 36 bytes from 10.32.35.14: Destination Net Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 938d 0 0000 38 01 d3ad 192.168.2.102 185.9.159.86 Request timeout for icmp_seq 14715 36 bytes from 10.32.35.14: Destination Net Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 28e7 0 0000 38 01 3e54 192.168.2.102 185.9.159.86 Request timeout for icmp_seq 14716 36 bytes from 10.32.35.14: Destination Net Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 ffb1 0 0000 38 01 6789 192.168.2.102 185.9.159.86 Request timeout for icmp_seq 14717 36 bytes from 10.32.35.14: Destination Net Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 99ee 0 0000 38 01 cd4c 192.168.2.102 185.9.159.86 Request timeout for icmp_seq 14718 36 bytes from 10.32.35.14: Destination Net Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 a9d1 0 0000 38 01 bd69 192.168.2.102 185.9.159.86 how can i over come this issue ?? [SPDNet Telekomünikasyon A.S. Logo]<http://https://www.spd.net.tr/> Cahit Eyigünlü SPDNet Telekomünikasyon A.S. +908508409773 75. Yl Mahallesi 5301 Sk No:24/A - MANSA 45100 [WebsiteGB]<http://https://www.spd.net.tr/> [email] <mailto:cahit.eyigu...@spd.net.tr> [:inkedIn button] <http://https://www.linkedin.com/company/spdnet> [Twitter button] <https://twitter.com/NetSpd> [Facebook button] <https://www.facebook.com/SpdNetTR> Bu e-posta kişiye özel olup, gizli bilgiler içeriyor olabilir. Eğer bu e-posta size yanlışlıkla ulaşmışsa, içeriğini hiç bir şekilde kullanmayınız ve ekli dosyaları açmayınız. Bu e-posta virüslere karşı anti-virüs sistemleri tarafından taranmıştır. Ancak SPDNET, bu e-postanın - virüs koruma sistemleri ile kontrol ediliyor olsa bile - virüs içermediğini garanti etmez ve meydana gelebilecek zararlardan doğacak hiçbir sorumluluğu kabul etmez. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp