SRX Services Gateway
Visitor
kebson
Posts: 7
Registered: ‎01-04-2012

How to config ike gateway external-interface with multiple IP

Hi,

I am configuring 4 IPsec tunnels st0.1, st0.2, st0.3, st0.3. All the tunnels are using different public IPs.

I have defined a loopback interface lo0.1 where I put the 4 public IPs for each tunnel:

lo0.1 family inet address "IP_1"

lo0.1 family inet address "IP_2"

lo0.1 family inet address "IP_3"

lo0.1 family inet address "IP_4"

The tunnel interfaces are unnumbered.

The ike gateway external-interface is pointing to lo0.1.

Question: how to make the ike gateway external-interface choose lo0.1 "IP_1" for st0.1, lo0.1 "IP_2" for st0.2, ...?

Configuration:

set interfaces lo0 unit 1 family inet address IP_1
set interfaces lo0 unit 1 family inet address IP_2
set interfaces lo0 unit 1 family inet address IP_3
set interfaces lo0 unit 1 family inet address IP_4

 

set security ike gateway tunnel_1 address 1.1.1.1
set security ike gateway tunnel_1 external-interface lo0.1 
set security ike gateway tunnel_2 address 2.2.2.2
set security ike gateway tunnel_2 external-interface lo0.1
set security ike gateway tunnel_3 address 3.3.3.3
set security ike gateway tunnel_3 external-interface lo0.1
set security ike gateway tunnel_4 address 4.4.4.4
set security ike gateway tunnel_4 external-interface lo0.1

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012

Re: How to config ike gateway external-interface with multiple IP

Hi,

 

As per the following KB, if we terminate an IPsec VPN on an interface with multiple IP addresses, the tunnel will not come up, as it is something that is not supported.

 

KB19475

 

Though, there is a hidden option to make this work.

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
Recognized Expert
Visitor
Posts: 121
Registered: ‎08-30-2010

Re: How to config ike gateway external-interface with multiple IP


Hi,

 

You can use the following command to tell the device which IP address to use for VPN negotiation:

 

#set security ike gateway tunnel_1 local-address IP_1

 

This is a hidden command.

 

Hope this helps.
 
Regards,
Visitor
-------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated

 

Distinguished Expert
Screenie
Posts: 1,086
Registered: ‎01-10-2008

Re: How to config ike gateway external-interface with multiple IP

Let's start a thread to list all hidden commands!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Recognized Expert
Visitor
Posts: 121
Registered: ‎08-30-2010

Re: How to config ike gateway external-interface with multiple IP

 

Sure Screenie

 

Regards,

Visitor

-------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.