Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Hi,I have a central SRX cluster and IPSEC vpn with several SRX100 on remote offices.Some sites have dynamic ip...Is it possible to manage automatically SRX devices over the Internet if their public IP is changing?thanks
Hi,
What version of NSM are you using? I believe the newer versions don't care about IP changes. The remote device contacts the NSM. If the hash matches, the IP is updated. I've done this a few times using version 2011.1 without issue.
John
I'm using the last 2011.1 version of NSM.
Do you have to create the SRX device in a particular way the first time? (I mean reachable or unreachable)
Thanks for your feed back
I haven't tested reachable. I typically use the unreachable approach. I guess a force of habit from the early days of SRX/NSM.
Thnak you John,
I think the unreachable method is the good one since we don't know the IP on the remote side...
thank you
Romain