08-28-2012 04:15 AM
I have an SRX and want to set up a Site-Site VPN with another vendor (Cisco), but I have the following conditions:
- I have more than one site to create VPN with it.
- There are multiple subnets on each VPN tunnel.
- The private subnets are overlapping (so I have to use NAT over the VPN).
Based on this I think that I have to go with a route-based VPN (due to the required NATing), am I right?
If so, then I have to create multiple proxy IDs for each tunnel, but it's not supported.
Is there any idea about this case?
08-28-2012 04:52 AM
For overlapping-subnet NAT, yes, you need to go for a route-based VPN.
You can simply ignore the proxy-id configuration parameter or use 0.0.0.0; this should eliminate the issue of using a single subnet over a single VPN.
Please let me know if this answer is enough for your understanding or we can discuss this in detail.
08-30-2012 04:39 PM
If you have Cisco on the other side then you will have to go for multiple VPNs.
- You can have one IKE gateway (phase 1) for each.
- Use that gateway in each VPN (phase 2) configuration with different proxy-ids.
09-09-2012 02:04 AM
In phase 2 there are proposal, policy, and VPN settings.
So can I create one proposal and one policy, then share them between the multiple VPNs?
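The layout suggested in the 08-30 reply (one IKE gateway, one phase 2 VPN per subnet pair, each with its own proxy-id), written out as an added example that is not from any poster in this thread. All names, interfaces, addresses, subnets and algorithm choices are constructed; binding each VPN to its own st0 unit and referencing a single IPsec proposal and policy from both VPNs are assumptions of this example, and the NAT rules for the overlapping subnets are not shown.

```junos
# Phase 1: a single IKE gateway for the Cisco peer (constructed values)
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposals IKE-PROP
set security ike policy IKE-POL pre-shared-key ascii-text "<PLACEHOLDER-PSK>"
set security ike gateway GW-CISCO ike-policy IKE-POL
set security ike gateway GW-CISCO address 203.0.113.10
set security ike gateway GW-CISCO external-interface ge-0/0/0.0

# Phase 2: one proposal and one policy, referenced by every VPN below
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP

# One tunnel interface unit per VPN (route-based)
set interfaces st0 unit 1 family inet
set interfaces st0 unit 2 family inet

# VPN for the first subnet pair; the proxy-id must match the Cisco crypto ACL entry
set security ipsec vpn VPN-NET1 bind-interface st0.1
set security ipsec vpn VPN-NET1 ike gateway GW-CISCO
set security ipsec vpn VPN-NET1 ike proxy-identity local 10.10.1.0/24
set security ipsec vpn VPN-NET1 ike proxy-identity remote 10.20.1.0/24
set security ipsec vpn VPN-NET1 ike proxy-identity service any
set security ipsec vpn VPN-NET1 ike ipsec-policy IPSEC-POL

# VPN for the second subnet pair; same gateway, different proxy-id
set security ipsec vpn VPN-NET2 bind-interface st0.2
set security ipsec vpn VPN-NET2 ike gateway GW-CISCO
set security ipsec vpn VPN-NET2 ike proxy-identity local 10.10.2.0/24
set security ipsec vpn VPN-NET2 ike proxy-identity remote 10.20.2.0/24
set security ipsec vpn VPN-NET2 ike proxy-identity service any
set security ipsec vpn VPN-NET2 ike ipsec-policy IPSEC-POL

# Routes that steer each remote subnet into its own tunnel
set routing-options static route 10.20.1.0/24 next-hop st0.1
set routing-options static route 10.20.2.0/24 next-hop st0.2
```

After commit, `show security ike security-associations` and `show security ipsec security-associations` show whether phase 1 came up once and whether each proxy-id pair negotiated its own phase 2 SA.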