SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
kebson
Visitor
kebson
Posts: 7
Registered: ‎01-04-2012
0

How to config ike gateway external-interface with multiple IP

Options

‎03-23-2012 03:38 PM

Hi,

I am configuring  4 IPsec tunnels st0.1, st0.2, st0.3, st0.3. all the tunnel are using different public IP.

I have difined a loopback interface lo0.1 where I put the 4 public IP for each tennel:

lo0.1 family inet address "IP_1"

lo0.1 family inet address "IP_2"

lo0.1 family inet address "IP_3"

lo0.1 family inet address "IP_4"

The tunnel interfaces are unnumbered..

the ike gateway  external-interface is pointing the lo0.1.

Question: how to make the ike gateway external-interface to choice lo0.1 "IP_1" for st0.1, lo0.1 "IP_2" for st0.2,....

Configuration:

set interfaces lo0 unit 1 family inet address IP_1
set interfaces lo0 unit 1 family inet address IP_2
set interfaces lo0 unit 1 family inet address IP_3
set interfaces lo0 unit 1 family inet address IP_4

 

set security ike gateway tunnel_1 address 1.1.1.1
set security ike gateway tunnel_1 external-interface lo0.1 
set security ike gateway tunnel_2 address 2.2.2.2
set security ike gateway tunnel_2 external-interface lo0.1
set security ike gateway tunnel_3 address 3.3.3.3
set security ike gateway tunnel_3 external-interface lo0.1
set security ike gateway tunnel_4 address 4.4.4.4
set security ike gateway tunnel_4 external-interface lo0.1

Message 1 of 5 (606 Views)
 
Reply
Recognized Expert
Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: How to config ike gateway external-interface with multiple IP

Options

‎03-23-2012 09:49 PM

Hi,

 

As per the following KB, If we terminate IPSec VPN on an interface with multiple IP addresses,the tunnel will not come up, as it is something that is not supported.

 

KB19475

 

Though, there is a hidden option to make this work .

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Message 2 of 5 (602 Views)
 
Reply
Recognized Expert
Recognized Expert
Visitor
Posts: 121
Registered: ‎08-30-2010

Re: How to config ike gateway external-interface with multiple IP

[ Edited ]
Options

‎03-24-2012 07:33 AM - edited ‎03-24-2012 07:34 AM

Hi ,

 

You can use the following command to tell the device which ip-address to use for vpn negotiation

 

#set security ike gateway tunnel_1 local-address IP_1

 

This is a hidden command .

 

Hope this helps.
 
Regards,
Visitor
-------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated

 

Message 3 of 5 (595 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 945
Registered: ‎01-10-2008

Re: How to config ike gateway external-interface with multiple IP

Options

‎03-24-2012 09:50 AM

Let's start a thread to list all hidden commands!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 4 of 5 (589 Views)
 
Reply
Recognized Expert
Recognized Expert
Visitor
Posts: 121
Registered: ‎08-30-2010
0

Re: How to config ike gateway external-interface with multiple IP

Options

‎03-25-2012 08:00 PM

 

Sure Screenie

 

Regards,

Visitor

--------------------------------------------------​--------------------------------------------------​---

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated

Message 5 of 5 (568 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.