SRX Services Gateway
Contributor
Posts: 796
Registered: ‎06-30-2009
0 Kudos

IPSEC termination on loopback interface or physical interface on SRX3600?

Hi Experts

 

I heard that on higher-end SRX 3000/5000, IPSEC termination on loopback interface or physical interface is not supported. Is that true?

 

Thanks

Trusted Expert
Posts: 257
Registered: ‎02-13-2012
0 Kudos

Re: IPSEC termination on loopback interface or physical interface on SRX3600?

Yes, it's true. KB19829 confirms the same. http://kb.juniper.net/kb19829
Regards,
Pradeep
Juniper Employee
Posts: 11
Registered: ‎12-11-2009
0 Kudos

Re: IPSEC termination on loopback interface or physical interface on SRX3600?

Hi Aeroplane,

 

Just to clarify, for the HE platform, IPSec VPN termination on loopback is not supported, no matter whether it is in a chassis cluster.

Physical interface can be used to terminate IPSec VPN if it is on in chassis cluster.

If the box is in chassis cluster, only reth can be used to terminate IPsec VPN.

 

Cheers,

 

Tim.

Recognized Expert
Posts: 370
Registered: ‎06-01-2011
0 Kudos

Re: IPSEC termination on loopback interface or physical interface on SRX3600?

Hi,

 

Check this post; it might be helpful for you.

 

http://forums.juniper.net/t5/SRX-Services-Gateway/Issues-terminating-VPN-to-lo0-0-on-SRX3400-cluster...

 

 

Regards,

 

Mohamed Elhariry

 

JNCIE-M/T # 1059, CCNP & CCIP

 

Contributor
Posts: 796
Registered: ‎06-30-2009
0 Kudos

Re: IPSEC termination on loopback interface or physical interface on SRX3600?

Thanks guys. Could you please provide this to me as well:

 

1- IPSEC termination on non-reth interfaces (physical, loopback) for branch SRX in chassis cluster mode

2- IPSEC termination on non-reth interfaces (physical, loopback) for HE SRX in chassis cluster mode

3- IPSEC termination on loopback interface for HE SRX standalone

 

Thanks

Visitor
Posts: 6
Registered: ‎03-26-2012
0 Kudos

Re: IPSEC termination on loopback interface or physical interface on SRX3600?

tleung is correct, it doesn't matter if the HE SRX is in a cluster or not. Phase 2 will not come up if you're using loopback interfaces.

 

I hope KB19829 is updated to reflect this soon.