Hi, everybody.
I have an issue with two default routes on an SSG FW.
HQ has a Juniper SSG550 with E0/1 public IP address 1.1.1.1/24 in the Untrust zone and E0/2 public IP address 2.2.2.2/24 in the Untrust zone.
There are two default routes:
set route 0.0.0.0/0 interface ethernet0/1 gateway 1.1.1.254
set route 0.0.0.0/0 interface ethernet0/2 gateway 2.2.2.254 metric 10
So any traffic from Trust to Untrust (to the Internet) will pass through interface E0/1.
All right, this is normal behavior.
Now, our other site has a Juniper SSG20 which has a public address 3.3.3.3/24 on interface E0/0 (set route 0.0.0.0/0 interface ethernet0/0 gateway 3.3.3.254).
We want route-based VPN redundancy between the SSG550 and the SSG20.
When I ping SSG550 E0/1 address 1.1.1.1 from the SSG20, it's OK!
When I ping SSG550 E0/2 address 2.2.2.2 from the SSG20, it's OK!!!! Why???
Does the SSG550 receive the ICMP request on E0/2, look up the routing table, and return the packet via E0/1?
But after I delete the second default route (unset route 0.0.0.0/0 interface ethernet0/2 gateway 2.2.2.254 metric 10), the ping fails (the SSG20 cannot ping 2.2.2.2).
Can anybody help me?