SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  O

    Posted 12-06-2013 00:57
     


  • 2.  RE: O

    Posted 12-07-2013 18:20

    This forum is for the SSL VPN appliance.  Your question appears to be about an IPSEC vpn on the firewall platform.

     

    Let me know if you are using the SRX series or one of the ScreenOS series (SSG; ISG; NS) firewalls.  

     

    I can then move this to the correct forum.



  • 3.  RE: O

    Posted 12-10-2013 05:08

    Thank you for your reply, I am using Junos SRX 240

     

     



  • 4.  RE: O

    Posted 12-10-2013 10:36

    Hello,

     

    Just create different proxy IDs for the different VPN tunnels, and create different tunnel interfaces; that should work.



  • 5.  RE: O

    Posted 12-12-2013 05:44

    Hello,

     

    The PROXY-ID can't be different because they are the same.

     

    Ex :

     

    Site 1 ( remote = 192.168.0.0/16 )

    Site 2 ( remote = 192.168.0.0/16 )

     

    Then I automatically have the same PROXY-ID, and the problem is that I have to route the remote subnets to different ST interfaces.

     

    Thanks



  • 6.  RE: O
    Best Answer

    Posted 12-13-2013 02:02

    Hi,

     

    You need to NAT the remote LAN (192.168.0.0/16) on each respective site to a different subnet so that these appear as unique IPs on the SRX, and match the similar proxy on the SRX.

     

    For example, you NAT 192.168.0.0/16 to 172.18.0.0/16 on SiteA, and similarly on the other sides.

    And match 172.18.0.0/16 on the SRX as the remote proxy ID. Leave the SRX LAN as it is.

     

    Either policy-based or route-based will work. In a route-based VPN, you specify the NATted network in the route, and in policy-based you specify the NATted network in the firewall policy!

     

     

    Hope this helps.

     

    rewanta
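
The SRX side of the route-based variant described in the answer above, as an added example that is not part of the original thread. Assumptions: the SRX LAN is 10.0.0.0/24, the second site is translated to 172.19.0.0/16, the IKE gateways GW-SITE-A and GW-SITE-B and the IPsec policy IPSEC-POL already exist, and the zone name `vpn` is hypothetical. The NAT of 192.168.0.0/16 itself is done on each remote site's device and is not shown.

```junos
# One tunnel interface per remote site (both sites use 192.168.0.0/16 locally)
set interfaces st0 unit 0 family inet
set interfaces st0 unit 1 family inet
set security zones security-zone vpn interfaces st0.0
set security zones security-zone vpn interfaces st0.1

# Site A: remote proxy ID is the translated range, not 192.168.0.0/16
# (10.0.0.0/24 as the SRX LAN is an assumption)
set security ipsec vpn SITE-A bind-interface st0.0
set security ipsec vpn SITE-A ike gateway GW-SITE-A
set security ipsec vpn SITE-A ike ipsec-policy IPSEC-POL
set security ipsec vpn SITE-A ike proxy-identity local 10.0.0.0/24
set security ipsec vpn SITE-A ike proxy-identity remote 172.18.0.0/16
set security ipsec vpn SITE-A ike proxy-identity service any

# Site B: a different translated range (172.19.0.0/16 is an assumption)
set security ipsec vpn SITE-B bind-interface st0.1
set security ipsec vpn SITE-B ike gateway GW-SITE-B
set security ipsec vpn SITE-B ike ipsec-policy IPSEC-POL
set security ipsec vpn SITE-B ike proxy-identity local 10.0.0.0/24
set security ipsec vpn SITE-B ike proxy-identity remote 172.19.0.0/16
set security ipsec vpn SITE-B ike proxy-identity service any

# Route each translated network to its own tunnel interface
set routing-options static route 172.18.0.0/16 next-hop st0.0
set routing-options static route 172.19.0.0/16 next-hop st0.1
```

Security policies between the LAN zone and the `vpn` zone should reference the translated ranges as well, so each site is only permitted the traffic intended for it.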