05-13-2011 06:54 AM
I have a strange behavior on my SRX240 cluster with IPSEC VPN.
Or, a behavior that I don't undestand, so I need some explanation.
On Side A :
I have a cluster of SRX240 with JUNOS Software Release [10.2R3.10]
The 2 networks 10.8.0.0/13 and 192.168.38.0/24.
These networks have to be connected with the network 192.168.24.0/24 on side B.
So, I create the following configuration :
Solved! Go to Solution.
05-13-2011 08:04 AM
The route for the side-B network points out the ST interface bound to the VPN with the local proxy-id of 10.8/13, so that is why that VPN is used.
Also, remember that proxy-id's do not dicate what traffic can traverse a tunnel, they only come into play when the VPN is being established between the two sites. Since you are using route-based VPN's on the SRX, what traffic traverses the VPN is controlled by a combination of routing (static routes in your case) and security policies.
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
05-13-2011 08:48 AM
Thanks for the reply.
This is the first time I configure, on Junos, Two VPN with two different subnet, on junos side, and one subnet on the other side.
So, I thought it need to create one SA for each VPN. It's what is happening when we have one subnet on junos side and two subnet on the other. Indeed, we have two different route.
I understand that is, in fact, cause by the used of route based VPN.
Thank You for the explanation.