SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX Spoke from behind NAT to SRX Hub on internet

    Posted 03-04-2015 05:34

    Hi,

    We've got a situation here where we borrow internet (private IP behind NAT) from a landlord! We don't have access to the firewall but have an SRX2 of our own (not configured as of now).

    We have a central site with an SRX1 device directly on the internet and we need to establish an IPsec VPN connection between the two SRX firewalls.

    SRX1(public)-internet-(public)LANDLORD FW(NAT)-(private LAN)SRX2(another private range LAN)

    So the question would be: is it possible to configure hub-and-spoke or site-to-site, where the spoke is behind NAT as depicted above? Or do we need to lease a line of our own?

    I have earlier configured site-to-site with firewalls directly connected to the internet, but not this scenario.

    Any help is really appreciated.

    Regards, DB.



  • 2.  RE: SRX Spoke from behind NAT to SRX Hub on internet
    Best Answer

    Posted 03-06-2015 02:54

    Hi Dan,

    Yes, this should work (as long as your landlord's firewall isn't too restrictive).

    You'll need to configure an Aggressive-mode VPN on the SRX and that's about it.  NAT-detection is automatic on the SRX and it will happily work through one.
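
A sketch of the aggressive-mode setup described in the answer above, added here as an example and not taken from either poster's devices. All names, the interface `ge-0/0/0.0`, the tunnel interface `st0.0`, the hub address `203.0.113.1` and the identity `spoke1.example.net` are assumptions; the `st0` interface, zones, policies and routes are left out.

```junos
# ---- SRX2 (spoke, private address behind the landlord's NAT): initiator ----
# Aggressive mode sends the IKE identity unencrypted, so the hub can match
# the peer by hostname instead of by its (translated, unknown) source address.
set security ike policy ike-pol-hub mode aggressive
set security ike policy ike-pol-hub proposal-set standard
# Placeholder key: use a long random value, aggressive mode depends on it.
set security ike policy ike-pol-hub pre-shared-key ascii-text "<PSK-PLACEHOLDER>"
set security ike gateway gw-hub ike-policy ike-pol-hub
set security ike gateway gw-hub address 203.0.113.1
set security ike gateway gw-hub local-identity hostname spoke1.example.net
set security ike gateway gw-hub external-interface ge-0/0/0.0
# Keep the NAT binding on the landlord's firewall alive between packets.
set security ike gateway gw-hub nat-keepalive 10
set security ipsec policy ipsec-pol-hub proposal-set standard
set security ipsec vpn vpn-hub bind-interface st0.0
set security ipsec vpn vpn-hub ike gateway gw-hub
set security ipsec vpn vpn-hub ike ipsec-policy ipsec-pol-hub
# The spoke must start the tunnel; the hub cannot reach it through the NAT.
set security ipsec vpn vpn-hub establish-tunnels immediately

# ---- SRX1 (hub, public address): responder ----
set security ike policy ike-pol-spoke mode aggressive
set security ike policy ike-pol-spoke proposal-set standard
set security ike policy ike-pol-spoke pre-shared-key ascii-text "<PSK-PLACEHOLDER>"
set security ike gateway gw-spoke ike-policy ike-pol-spoke
# No peer address: accept the peer that presents this IKE identity.
set security ike gateway gw-spoke dynamic hostname spoke1.example.net
set security ike gateway gw-spoke external-interface ge-0/0/0.0
set security ipsec policy ipsec-pol-spoke proposal-set standard
set security ipsec vpn vpn-spoke bind-interface st0.0
set security ipsec vpn vpn-spoke ike gateway gw-spoke
set security ipsec vpn vpn-spoke ike ipsec-policy ipsec-pol-spoke
# Allow IKE to reach the hub on its internet-facing zone (zone name assumed).
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
```

NAT traversal moves the exchange from UDP 500 to UDP 4500, so the landlord's firewall has to pass both outbound. `show security ike security-associations` on either device confirms whether phase 1 came up.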



  • 3.  RE: SRX Spoke from behind NAT to SRX Hub on internet

    Posted 03-24-2015 08:08

    Hi,

    Tested in lab and it seems to work.

    Thanks!