SRX

last person joined: 15 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  VPN-Configuration with Third-Party-VPN-Gateway to SRX110 with Dynamic IP on one site

    Posted 02-01-2015 10:41

    Hello everyone,

     

    I have a little problem with a Site-to-Site VPN-configuration.

    Scenario looks like this:

     

    SRX110 with a fix WAN-IP

    Third Party VPN Gateway with a dyanmic WAN-IP (so this gateway should initiate the connection)

     

    The problem now is, that the third party VPN-Gateway only makes VPN in Main-Mode.

    Therefor I also have to setup VPN-configuration on the SRX in Main Mode.

    When I enter the WAN-IP as address on the srx in the configuration, which the Third-Party-VPN-Gateway actual has, the VPN comes up and works, but of course only 24 hours, until it gets a new WAN-IP.

     

    Is there a way to make a VPN-Configuration on the SRX in main mode but with no address is set. I tried to setup 0.0.0.0 as address, but that doesn`t work. Can I enter a dyndns-name for address ?

     

     

    Here the scenario:

    [THIRD-PARTY-VPN-GATEWAY (using DYNAMIC WAN-IP] <------> [VPN via MAIN MODE] <--------> [SRX110 with fix WAN-IP] 

    thanks for your help



  • 2.  RE: VPN-Configuration with Third-Party-VPN-Gateway to SRX110 with Dynamic IP on one site
    Best Answer

    Posted 02-14-2015 10:27

    Unfortunately you can't.  Main Mode by definition requires a fixed ip address and we use aggressive mode when one side has a dynamic ip address.  These are set by the IPSEC vpn standard.



  • 3.  RE: VPN-Configuration with Third-Party-VPN-Gateway to SRX110 with Dynamic IP on one site

    Posted 03-02-2015 04:33

    ah ok, thanks for your reply.

    Topic can be closed.

    Best regards, Christoph