SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Dynamic VPN and IPsec VPN using same Public IP

    Posted 07-27-2015 11:47

    I'm guessing this isn't possible, but I thought I'd check beforehand to make sure

     

    I want to use an SRX240 to perform two functions (1) Implement 3 separate IPsec VPN tunnels with a single public IP endpoint (2) Implement a Dynamic VPN so it can be used for remote access. 

     

    There'll only be a small amount of traffic through the IPsec VPN's, so I'm not worried about the dimensioning, but I'm wondering can I use a single public IP for both functions, or do I require separate IP's for the IPsec VPN and the Dynamic VPN?. Is there any issue with implementing both on the same SRX?

     

     



  • 2.  RE: Dynamic VPN and IPsec VPN using same Public IP
    Best Answer

     
    Posted 07-27-2015 23:22

    Hello ,

     

    There is no such limitation that we cannot have Dynamic VPN and Site to site VPN  terminating on same External Interface IP .  We can do that , Just make sure you dont have any Static NAT or Destination NAT configured for that IP address .  It should be fine to do what you are trying  .

    But recommended to have route based IPSEC VPN , if its policy based , it will impact the dynamic VPN policy  .  And also make sure the ST0 interface to be in different Zone than Untrust .