Hi,
Before, I set it up as route-based. It works fine with the third party for one remote subnet (remote.0.0).
According to the topology attached:
From Astaro: to access the VPN client (from remote.0.0), a static route is used. Now from local.0.0 (SRX network), we need to access the VPN client (X.x.0.0/14, X.y.0.0/16, Z.w.x.0/24).
So I have added the VPN client subnets on the Astaro side.
SRX:
- I declared all these subnets (remote.0.0 and the VPN client subnets) in the untrust zone
- created adequate policies in both directions (from and to)
- created adequate IKE and IPsec configuration (same security as before, but without bind-interface, proxy-id and so on)
All SAs are okay, but there is no way I can access from local.0.0. I cannot even access remote.0.0 anymore.
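For comparison, here is an added example (not from the original post, and not the poster's configuration) of a route-based SRX setup that carries several remote prefixes over a single st0 interface using traffic selectors, so that each remote subnet negotiates its own Phase 2 SA with an explicit proxy-ID that a third-party peer can match one-to-one. All names (gw-astaro, vpn-astaro, ts-*), interfaces (ge-0/0/0.0, ge-0/0/1.0, st0.0), the pre-shared key and the RFC 1918 / RFC 5737 addresses are placeholders chosen for the example and stand in for local.0.0, remote.0.0 and the three VPN client subnets.

```junos
# Phase 1: IKE proposal, policy and gateway (placeholder peer 198.51.100.1)
set security ike proposal ike-prop-astaro authentication-method pre-shared-keys
set security ike proposal ike-prop-astaro dh-group group14
set security ike proposal ike-prop-astaro authentication-algorithm sha-256
set security ike proposal ike-prop-astaro encryption-algorithm aes-256-cbc
set security ike policy ike-pol-astaro mode main
set security ike policy ike-pol-astaro proposals ike-prop-astaro
set security ike policy ike-pol-astaro pre-shared-key ascii-text "REPLACE-WITH-REAL-PSK"
set security ike gateway gw-astaro ike-policy ike-pol-astaro
set security ike gateway gw-astaro address 198.51.100.1
set security ike gateway gw-astaro external-interface ge-0/0/0.0

# Phase 2: IPsec proposal and policy with PFS
set security ipsec proposal ipsec-prop-astaro protocol esp
set security ipsec proposal ipsec-prop-astaro authentication-algorithm hmac-sha-256-128
set security ipsec proposal ipsec-prop-astaro encryption-algorithm aes-256-cbc
set security ipsec policy ipsec-pol-astaro perfect-forward-secrecy keys group14
set security ipsec policy ipsec-pol-astaro proposals ipsec-prop-astaro

# Route-based VPN bound to st0.0; one traffic selector per remote prefix.
# local.0.0 is represented by 10.0.0.0/16, remote.0.0 by 172.16.0.0/16 and the
# VPN client subnets by 10.100.0.0/14, 10.104.0.0/16 and 192.168.5.0/24 (placeholders).
set security ipsec vpn vpn-astaro bind-interface st0.0
set security ipsec vpn vpn-astaro ike gateway gw-astaro
set security ipsec vpn vpn-astaro ike ipsec-policy ipsec-pol-astaro
set security ipsec vpn vpn-astaro traffic-selector ts-remote local-ip 10.0.0.0/16 remote-ip 172.16.0.0/16
set security ipsec vpn vpn-astaro traffic-selector ts-client1 local-ip 10.0.0.0/16 remote-ip 10.100.0.0/14
set security ipsec vpn vpn-astaro traffic-selector ts-client2 local-ip 10.0.0.0/16 remote-ip 10.104.0.0/16
set security ipsec vpn vpn-astaro traffic-selector ts-client3 local-ip 10.0.0.0/16 remote-ip 192.168.5.0/24
set security ipsec vpn vpn-astaro establish-tunnels immediately

# Tunnel interface and zone placement; IKE must be allowed inbound on the external interface
set interfaces st0 unit 0 family inet
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone untrust interfaces st0.0

# Address book entries and a policy in each direction between trust and untrust
set security address-book global address local-net 10.0.0.0/16
set security address-book global address remote-net 172.16.0.0/16
set security address-book global address vpn-client-1 10.100.0.0/14
set security address-book global address vpn-client-2 10.104.0.0/16
set security address-book global address vpn-client-3 192.168.5.0/24
set security address-book global address-set vpn-peers address remote-net
set security address-book global address-set vpn-peers address vpn-client-1
set security address-book global address-set vpn-peers address vpn-client-2
set security address-book global address-set vpn-peers address vpn-client-3
set security policies from-zone trust to-zone untrust policy to-vpn match source-address local-net
set security policies from-zone trust to-zone untrust policy to-vpn match destination-address vpn-peers
set security policies from-zone trust to-zone untrust policy to-vpn match application any
set security policies from-zone trust to-zone untrust policy to-vpn then permit
set security policies from-zone untrust to-zone trust policy from-vpn match source-address vpn-peers
set security policies from-zone untrust to-zone trust policy from-vpn match destination-address local-net
set security policies from-zone untrust to-zone trust policy from-vpn match application any
set security policies from-zone untrust to-zone trust policy from-vpn then permit
```

After commit, `show security ike security-associations` should show the Phase 1 SA and `show security ipsec security-associations` should list one IPsec SA per traffic selector; with traffic selectors Junos inserts the routes to the remote prefixes via st0.0 itself, so no static routes are needed for them. A tunnel whose SAs are up but which passes no traffic is usually a mismatch between what the two peers think the selectors (proxy-IDs) are, or a zone policy that does not cover the new prefixes, so those two outputs and the policy hit counts are the first things to compare against the third party's view of the same tunnel.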