SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Management of an SRX via a VPN Tunnel

    Posted 07-16-2014 05:55

    I have a branch site connecting to a central site via an IPSec VPN.

     

    The central site has an IPSec VPN to my management site.

     

    Is it possible to manage the branch site from my management site, and how would I go about implementing this?



  • 2.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-16-2014 06:05

    Hi John,

     

    Yes, it is possible.

     

    Management subnet needs to be advertised across the vpn tunnel.

     

    SRX A has 2 subnets (LANA and MANAGEMENT subnet)

    SRXB - branch has one subnet (LANB)

     

    Now if you have policy-based VPN, you need to configure 2 security policies for each subnet.

     

    On Hub SRXA

    1. LANA to LAN of B

    2. MANAGEMENT to LAN of B

     

    On Branch SRXB:

     

    1. LAN B to LAN A

    2. LAN B to Management

     

    Now you will see 2 IPsec SAs for each subnet separately.

     

    If it is route-based, then you need to create 2 routes for each subnet on the branch if the proxy ID is 0.0.0.0

     

    On SRX A:

     

    Route LANB next-hop ST0.X

     

    On SRXB:

    Route LANA next-hop ST0.1

    Route Management next-hop st0.1

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

     



  • 3.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-16-2014 07:01

    Sorry, could you explain further using the following definitions:

     

    SiteA: Main Site

    SiteB: Branch Site

    Site C: Management Site

     

    To be clear, I want to create a VPN from SiteB to SiteA that can be managed at SiteC, where site C already has a VPN in place.



  • 4.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-16-2014 10:17

    John, 

     

    You'll probably want to use the second example (route-based) since you have 3 sites.  Take a look at this, it's 2 sites, but it's a good idea for route-based: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html

     

     



  • 5.  RE: Management of an SRX via a VPN Tunnel
    Best Answer

    Posted 07-16-2014 19:28

    Hi John,

     

    Yes, SRXA is Hub

     

    SRX-B and SRX-M are branch sites.

     

    You can configure Hub and Spoke setup VPN where SRXB can access SRXM sites through SRXA.

     

    Following Application Notes and Documents can help you.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN268&actp=RSS

    http://www.juniper.net/techpubs/en_US/junos12.1x46/topics/example/ipsec-hub-and-spoke-configuring.html

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
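
    The route-based hub-and-spoke layout described in this thread, as an added Junos example that is not part of any post: it shows the static routes each SRX needs and a hub policy limited to management traffic. All subnets, zone names, policy names and the Site A/Site C st0 unit numbers are constructed assumptions, and Site C's existing tunnel is assumed to be route-based.

```junos
# Constructed addressing (assumptions, not from the thread):
#   LAN A      (Site A, hub)         10.10.0.0/24
#   LAN B      (Site B, branch)      10.20.0.0/24
#   MANAGEMENT (Site C, management)  10.30.0.0/24
# Zone names (vpn, trust) and policy names are hypothetical.

# --- Site B (branch): st0.1 is the tunnel to Site A ---
set security zones security-zone vpn interfaces st0.1
# One route per remote subnet, both through the single tunnel to the hub
set routing-options static route 10.10.0.0/24 next-hop st0.1
set routing-options static route 10.30.0.0/24 next-hop st0.1
set security address-book global address mgmt-net 10.30.0.0/24
set security address-book global address lan-b 10.20.0.0/24
# Admit only SSH from the management subnet into LAN B
set security policies from-zone vpn to-zone trust policy mgmt-in match source-address mgmt-net
set security policies from-zone vpn to-zone trust policy mgmt-in match destination-address lan-b
set security policies from-zone vpn to-zone trust policy mgmt-in match application junos-ssh
set security policies from-zone vpn to-zone trust policy mgmt-in then permit

# --- Site A (hub): st0.1 to Site B, st0.2 to Site C ---
set security zones security-zone vpn interfaces st0.1
set security zones security-zone vpn interfaces st0.2
set routing-options static route 10.20.0.0/24 next-hop st0.1
set routing-options static route 10.30.0.0/24 next-hop st0.2
set security address-book global address mgmt-net 10.30.0.0/24
set security address-book global address lan-b 10.20.0.0/24
# Spoke-to-spoke traffic stays inside the vpn zone, so it needs an
# explicit intra-zone policy; keep it to management -> branch SSH.
set security policies from-zone vpn to-zone vpn policy mgmt-to-branch match source-address mgmt-net
set security policies from-zone vpn to-zone vpn policy mgmt-to-branch match destination-address lan-b
set security policies from-zone vpn to-zone vpn policy mgmt-to-branch match application junos-ssh
set security policies from-zone vpn to-zone vpn policy mgmt-to-branch then permit

# --- Site C (management): st0.0 is the existing tunnel to Site A ---
# Without this return route, Site C has no route to LAN B through the tunnel.
set routing-options static route 10.20.0.0/24 next-hop st0.0
```

    After committing, `show security ipsec security-associations` and `show route 10.20.0.0/24` on each device confirm that the tunnel is up and that the branch subnet resolves to the expected st0 unit.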

     



  • 6.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-22-2014 03:31

    Thanks for the information, but I want to avoid configuration of the management VPN device. Is there any other way?



  • 7.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-22-2014 03:47

    Hi John,

     

    Advertising the management subnet across the VPN tunnel is the only option.

     

    I cannot think of anything else.

     

    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 8.  RE: Management of an SRX via a VPN Tunnel

    Posted 07-22-2014 03:51

    Sorry, I have understood your answer now and it will work, thanks for your help.