SRX Services Gateway
utahbmxer
Posts: 9
Registered: ‎10-19-2011

Dynamic-VPN with Amazon VPC

I have given up on trying to get the Shrew VPN client to work on my SRX210 (loved it with the SSG), so I have successfully got dynamic-vpn working and can ping/access hosts in the office network from home.

Yesterday I established a VPN (2 tunnels) to an Amazon VPC; traffic flows there as well, in both directions. What I cannot for the life of me figure out is how to get dynamic-vpn clients to be able to hit servers in the Amazon VPC. I am kind of new to AWS, so in the meantime I opened all traffic in to the security group there, so I am pretty sure that is not blocking anything.

Is it an issue with the VPC setup being route-based and the Dynamic-VPN being configured as policy-based? If so, how do I get the dynamic-vpn to be route-based? I have added both remote subnets to the protect-networks.

Any help is appreciated.

policies {
    from-zone trust to-zone untrust {
        policy trust-to-untrust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    /* Assumed: the zone-pair line for the dynamic-VPN policy was lost in the paste
       (the braces did not balance). The SRX dynamic-VPN wizard places its policy
       under untrust-to-trust, so that pair is restored here. */
    from-zone untrust to-zone trust {
        policy policy_in_wizard_dyn_vpn {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit {
                    tunnel {
                        ipsec-vpn wizard_dyn_vpn;
                    }
                }
            }
        }
    }
    from-zone trust to-zone trust {
        policy private-vpc {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}
