SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  More than 1 route based VPN on an interface

    Posted 10-07-2015 08:25

    If I understand this correctly I should be able to do this. But I've been wrong before...

     

    I use an SRX550 for multiple route-based VPNs. They have been set up with 1 public IP on the outbound interface, then bind the tunnel to it, etc.

     

    My question is... Can I have more than 1 VPN on the interface?

     

    For example: 

    ge-0/0/0 address 1.1.1.1

     

    Tunnel 1:

    ike-policy IKE-policy-12345;
    address 100.100.100.100;
    dead-peer-detection;
    external-interface ge-0/0/0;

     

    Of course all the other good stuff that goes with the Tunnel...

     

    Then Tunnel2:

     

    ike-policy IKE-policy-54321;
    address 200.200.200.200;
    dead-peer-detection;
    external-interface ge-0/0/0;

     

    +++ the rest of the config.

     

    Basically I'd make sure there are no duplicates for external IPs EXCEPT for the interface going out to the outside world.

     

    Does that make sense? Can this be done?

     

     



  • 2.  RE: More than 1 route based VPN on an interface
    Best Answer

    Posted 10-07-2015 08:36

    Hi,

     

    If I understand your question correctly, then of course you can!

     

    Have a read below and see whether a Policy or Route based VPN best suits your needs.  Usually a Route Based VPN is the way to go.

     

    http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html

    http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-policy-based-vpn-configuring.html
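
The layout discussed in this thread, written out as an added example that is not part of the original posts: two IKE gateways share `external-interface ge-0/0/0`, and each route-based VPN binds to its own `st0` unit. The gateway, VPN and IPsec policy names and the remote prefixes are hypothetical; the IKE policy names, peer addresses and interface come from the question.

```junos
# Added example. GW-PEER1/2, VPN-PEER1/2, IPSEC-POL and the 10.x prefixes are hypothetical.
security {
    ike {
        # Both gateways use the same external interface; only the peer address differs.
        gateway GW-PEER1 {
            ike-policy IKE-policy-12345;
            address 100.100.100.100;
            dead-peer-detection;
            external-interface ge-0/0/0;
        }
        gateway GW-PEER2 {
            ike-policy IKE-policy-54321;
            address 200.200.200.200;
            dead-peer-detection;
            external-interface ge-0/0/0;
        }
    }
    ipsec {
        # One tunnel interface unit per VPN keeps each peer's traffic and routes separate.
        vpn VPN-PEER1 {
            bind-interface st0.0;
            ike {
                gateway GW-PEER1;
                ipsec-policy IPSEC-POL;
            }
        }
        vpn VPN-PEER2 {
            bind-interface st0.1;
            ike {
                gateway GW-PEER2;
                ipsec-policy IPSEC-POL;
            }
        }
    }
}
interfaces {
    st0 {
        unit 0 { family inet; }
        unit 1 { family inet; }
    }
}
routing-options {
    static {
        # Constructed remote networks; the next hop selects the tunnel.
        route 10.10.0.0/16 next-hop st0.0;
        route 10.20.0.0/16 next-hop st0.1;
    }
}
```

The IKE and IPsec policies and proposals referenced here are omitted. The `st0` units also have to be placed in a security zone with matching security policies, and the zone holding `ge-0/0/0` must allow `ike` under `host-inbound-traffic system-services`.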



  • 3.  RE: More than 1 route based VPN on an interface

    Posted 10-07-2015 09:29

    Fantastic!!! Route based is what I need for sure. Thanks!