SRX Services Gateway
Contributor
Posts: 133
Registered: ‎03-11-2017
0 Kudos

Route-based VPN

When using point-to-point VPN, is it a must that both st0 interfaces be in the same subnet?

When using multipoint VPN, is it a must that all st0 interfaces be in the same subnet?

Distinguished Expert
Posts: 5,023
Registered: ‎03-30-2009
0 Kudos

Re: Route-based VPN

Yes, when doing the route-based VPN you should think of the links between the tunnel interfaces as if they were connected physical interfaces.

So for point-to-point, the links are in the same subnet.

And for the multi-point links, all VPN interfaces are in the same broadcast domain and subnet.

This allows normal routing protocols like OSPF then to work for the segment you connect.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
Contributor
Posts: 133
Registered: ‎03-11-2017
0 Kudos

Re: Route-based VPN

Dear Steve,

Thanks for your reply.

Please, I have one more issue: when I was studying the GRE over IPSEC configuration, I found that they are using st0 (unnumbered), which was very confusing.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB19372&actp=METADATA

Distinguished Expert
Posts: 5,023
Registered: ‎03-30-2009
0 Kudos

Re: Route-based VPN

You only need to use GRE over IPSEC if you are connecting to another vendor that requires GRE encapsulation. Juniper and many other vendors support having broadcast traffic like OSPF directly over IPSEC without further tunneling.

That GRE over IPSEC is mainly used with older Cisco versions that required the double tunnel.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home