SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Site-to-site IPSec VPN Solution

    Posted 10-25-2013 00:45

    Hi All,

     

    I'm new to Juniper networks.

    I have a topology and I want to configure a site-to-site IPsec VPN, but I don't know which configuration suits my topology.

    I read the Juniper IPsec VPN document, but I see a lot of solutions for IPsec VPN.

     

    For my topology, I have two connections between 2 SRX100 and SRX240. I want to create a VPN over the two connections, like active-active; it means that if one link goes down, the system still works.

     

    So I have some questions about this:

    1- If I configure a standard IPsec VPN, do I need to create two tunnels between the two links?

    2- What's the best way to do IPsec VPN on this topology?

    3- Can you give me a link to instructions for configuring IPsec VPN with two connections between two SRX?

     

    Thanks,

     



  • 2.  RE: Site-to-site IPSec VPN Solution
    Best Answer

    Posted 10-25-2013 01:29

    Hi Le,

    Based on your requirements, you can configure a route-based VPN, in which you have to create two tunnel interfaces, let's say st0.0 and st0.1.

    You can put both the st0.0 and st0.1 interfaces in the same zone, and when applying the routing, let's say you want to keep st0.0 as primary and st0.1 as backup.

    The configuration of the routes would be like this.

    root# set routing-options static route 192.168.1.0/24 next-hop st0.0

    root# set routing-options static route 192.168.1.0/24 qualified-next-hop st0.1 preference 10

    Regarding the VPN configuration, please follow this link.

    http://kb.juniper.net/kb/documents/public/junos/jsrx/JSeries_SRXSeries_Route-based_VPN_to_ScreenOS_v13.pdf

     

    Regards,

    Deepak
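
The layout described in this reply, written out as an added example (it is not part of the reply or of the linked Juniper document): one IKE policy and one IPsec policy shared by two gateways and two VPN objects, one per link, each bound to its own st0 unit. The peer addresses, external interface names, zone name, object names and the key placeholder are assumptions; only st0.0, st0.1, the 192.168.1.0/24 route and preference 10 come from the reply.

```junos
# Constructed example; all names and addresses below are assumed placeholders.
# Tunnel interfaces, both in the same (assumed) zone "vpn"
set interfaces st0 unit 0 family inet
set interfaces st0 unit 1 family inet
set security zones security-zone vpn interfaces st0.0
set security zones security-zone vpn interfaces st0.1

# One IKE policy reused by both gateways; replace the key placeholder
set security ike policy ike-pol mode main
set security ike policy ike-pol proposal-set standard
set security ike policy ike-pol pre-shared-key ascii-text "<PRE-SHARED-KEY>"

# One gateway per physical link (peer addresses are documentation ranges)
set security ike gateway gw-link1 ike-policy ike-pol
set security ike gateway gw-link1 address 203.0.113.1
set security ike gateway gw-link1 external-interface ge-0/0/0.0
set security ike gateway gw-link1 dead-peer-detection interval 10 threshold 3
set security ike gateway gw-link2 ike-policy ike-pol
set security ike gateway gw-link2 address 198.51.100.1
set security ike gateway gw-link2 external-interface ge-0/0/1.0
set security ike gateway gw-link2 dead-peer-detection interval 10 threshold 3

# One IPsec policy reused by both VPNs; each VPN binds to its own st0 unit
set security ipsec policy ipsec-pol proposal-set standard
set security ipsec vpn vpn-link1 bind-interface st0.0
set security ipsec vpn vpn-link1 ike gateway gw-link1
set security ipsec vpn vpn-link1 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-link1 vpn-monitor
set security ipsec vpn vpn-link1 establish-tunnels immediately
set security ipsec vpn vpn-link2 bind-interface st0.1
set security ipsec vpn vpn-link2 ike gateway gw-link2
set security ipsec vpn vpn-link2 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-link2 vpn-monitor
set security ipsec vpn vpn-link2 establish-tunnels immediately

# Primary and backup routes from the reply. DPD and vpn-monitor detect a dead
# path so the tunnel and its st0 unit go down and the backup route takes over.
set routing-options static route 192.168.1.0/24 next-hop st0.0
set routing-options static route 192.168.1.0/24 qualified-next-hop st0.1 preference 10
```

Security policies between the LAN zone and the vpn zone, and IKE as host-inbound traffic on the external interfaces, are not shown and are still required.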

     

     

     



  • 3.  RE: Site-to-site IPSec VPN Solution

    Posted 10-25-2013 10:00

    Hi Deepak, 

     

    Thanks for your answer,

     

    But can you explain how to create the two tunnel interfaces? Do I have to configure two IKE and IPsec configurations for the two interfaces st0.0 and st0.1, or only one configuration for IKE and IPsec and just bind the two interfaces?

     

    Thanks,