SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Issue with SRX L2L VPN

    Posted 12-27-2013 06:28

    Hi,

     

    I am wondering if anybody can please identify the issue with my configuration. I am building L2L VPN tunnels between hub and spoke sites. The tunnel is building OK, and traffic is accessible only if the traffic is generated from the remote site; any traffic generated from the hub local site is being dropped by the SRX 550 firewall and is not initiating the tunnel for outbound traffic to remote sites.

     

    I am using ASA at the remote sites and an SRX550 cluster pair at the hub site. I have attached my config in case you can identify anything missing from the config for outbound traffic.




  • 2.  RE: Issue with SRX L2L VPN
    Best Answer

    Posted 12-27-2013 08:44

    Please configure local identity and proxy identity:

     

    set security ipsec vpn vpn-name ike proxy-identity local y.y.y.y/8 remote x.x.x.x/24 service any

     

     

    And please remember to check that the ASA firewall access list allows that particular subnet.

     

    It should work, and if it does not work, go for the following option:

     

    1. In some cases I have seen traffic drop due to the policy log (init-close) option, so remove it and check.
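
As an added example (not part of the original posts or the poster's attached config): a small Python check that the SRX proxy-identity and the ASA crypto access list describe the same subnet pair, mirrored, which is what the answer above asks you to verify on both devices. The VPN name, ACL name and addresses are constructed, and only the plain `subnet mask` form of the ASA ACL is parsed.

```python
import ipaddress
import re

# Junos: set security ipsec vpn <name> ike proxy-identity local <p> remote <p> ...
SRX_RE = re.compile(r"proxy-identity\s+local\s+(\S+)\s+remote\s+(\S+)")
# ASA: access-list <name> extended permit ip <src> <mask> <dst> <mask>
ASA_RE = re.compile(
    r"access-list\s+\S+\s+extended\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)")

# Constructed sample lines (hub = 10.0.0.0/8, spoke = 192.168.20.0/24).
SRX_LINE = ("set security ipsec vpn hub-to-spoke1 ike proxy-identity "
            "local 10.0.0.0/8 remote 192.168.20.0/24 service any")
ASA_OK = ("access-list CRYPTO-HUB extended permit ip "
          "192.168.20.0 255.255.255.0 10.0.0.0 255.0.0.0")
ASA_BAD = ("access-list CRYPTO-HUB extended permit ip "
           "192.168.20.0 255.255.255.0 10.1.0.0 255.255.0.0")

def srx_selectors(line):
    """Return (local, remote) networks from an SRX proxy-identity command."""
    m = SRX_RE.search(line)
    if not m:
        raise ValueError("no proxy-identity found in SRX line")
    # strict=False tolerates host bits set in the prefix, e.g. 10.1.2.3/8
    return tuple(ipaddress.ip_network(p, strict=False) for p in m.groups())

def asa_selectors(line):
    """Return (source, destination) networks from an ASA crypto ACL entry."""
    m = ASA_RE.search(line)
    if not m:
        raise ValueError("no 'permit ip <net> <mask> <net> <mask>' in ASA line")
    src, smask, dst, dmask = m.groups()
    return (ipaddress.ip_network(f"{src}/{smask}", strict=False),
            ipaddress.ip_network(f"{dst}/{dmask}", strict=False))

def selectors_match(srx_line, asa_line):
    """True when SRX local/remote mirrors the ASA source/destination pair."""
    local, remote = srx_selectors(srx_line)
    asa_src, asa_dst = asa_selectors(asa_line)
    # The ASA's source is its own LAN, i.e. the SRX's "remote", and vice versa.
    return local == asa_dst and remote == asa_src

if __name__ == "__main__":
    for name, acl in (("matching ACL", ASA_OK), ("narrower ACL", ASA_BAD)):
        verdict = "match" if selectors_match(SRX_LINE, acl) else "MISMATCH"
        print(f"{name}: {verdict}")
```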

     



  • 3.  RE: Issue with SRX L2L VPN

    Posted 12-30-2013 00:48

    Excellent, wonderful, this has been resolved by configuring local and remote proxy identity.

     

    Thanks mate.



  • 4.  RE: Issue with SRX L2L VPN

    Posted 12-30-2013 00:49

    No problem, happy to help you.