Destination NAT on Juniper SRX in a dual ISP environment: dealing with Routing Instances

It is common for branch offices to have two Internet connections for redundancy. Such connections are used for branch user traffic to the Internet as well as for providing access to some internal resources, such as servers, located in the internal network (or DMZ) behind a firewall. For providing access to such internal resources that don’t have a public IP address, destination NAT (DNAT) is commonly used. Although configuring DNAT with one ISP connection is a relatively easy task,  a dual ISP environment requires a little special treatment.

Continue reading