01-19-2011 05:40 AM
I'm setting up a policy based VPN with a Cisco device on a SRX 240 Chassis cluster. I have multiple subnets which need to be reachable through the vpn. I know I have to make multiple gw's because of the single subnet proxy-id support. Is it possible to define a subnet and allow that and filter within the VPN?
Juniper Local net: 192.168.10.0/24
Cisco Remote net's: 10.20.30.0/24 & 192.168.20.0/24
I want to allow traffic and have an exception (within the Juniper cluster):
permit tcp host 192.168.10.10 host 10.20.30.40 eq 25
deny tcp 192.168.10.0/24 10.20.30.0/24 eq 25
permit ip 192.168.10.0/24 10.20.30.0/24
How is that possible with Junos?
Solved! Go to Solution.
01-19-2011 06:24 AM
You will have your remote networks defined under your untrust zone for your VPN pair policies.
Before you get into your VPN pair policies on trust to untrust, insert a policy that negates source-address 192.168.10.0/24 destination-address 10.20.30.0/24 application junos-smtp then deny.
Then jump into your pair policies.
01-19-2011 06:48 AM
Thank you, that seems logical. I will test and report back. Also, thank you for your previous post regarding the VPN connection between ASA/Junos, very usefull!