05-02-2012 01:56 PM
Hi Experts
I heard that on higher end SRX 3000/5000, IPSEC termination on loopback interface or physical interface is not supported. Is that true?
Thanks
05-02-2012 05:00 PM
05-02-2012 11:18 PM
Hi Aeroplane,
Just to clarify, for the HE platform, IPSec VPN termination on loopback is not supported, no matter whether it is in a chassis cluster.
Physical interface can be used to terminate IPSec VPN if it is on in chassis cluster.
If the box is in chassis cluster, only reth can be used to terminate IPsec VPN.
Cheers,
Tim.
05-02-2012 11:18 PM
Hi,
Check this post, it might be helpful for you.
Regards,
Mohamed Elhariry
JNCIE-M/T # 1059, CCNP & CCIP
--------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated!
05-03-2012 03:01 AM
Thanks guys. Could you please provide this to me as well:
1- IPSEC termination on non-reth interfaces (physical, loopback) for branch SRX in chassis cluster mode
2- IPSEC termination on non-reth interfaces (physical, loopback) for HE SRX in chassis cluster mode
3- IPSEC termination on loopback interface for HE SRX standalone
Thanks
07-27-2012 11:47 AM
tleung is correct, it doesn't matter if the HE SRX is in a cluster or not. Phase 2 will not come up if you're using loopback interfaces.
I hope KB19829 is updated to reflect this soon.