SRX

last person joined: 18 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  VPN Tunnel Using Interface's Secondary IP?

    Posted 12-04-2012 19:34

    We have multiple IP addresses configured on our external (untrust) interface.  Assume:

     

     10.3.15.10

     10.3.15.11

     10.3.15.12

     10.3.15.13 

     10.3.15.14

     

    We have many site-to-site VPNs configured successfully on 10.3.15.10 but to meet a specific need, we want to create additional tunnels on secondary IP  10.3.15.12.

     

    Is this configuration possible on the SRX 210/220/240 series?  I'm failing in my attempts to make that work.



  • 2.  RE: VPN Tunnel Using Interface's Secondary IP?
    Best Answer

    Posted 12-04-2012 20:19
    Yeah there's a hidden command in the ike gateway config. I think its something like:

    Set local-address x.x.x.x


  • 3.  RE: VPN Tunnel Using Interface's Secondary IP?

    Posted 12-05-2012 10:01

    Wow, thanks.  Adding   local-address 10.3.15.12;  to the gateway config where the destination IP and external interface are congifured worked great.

     

    Too bad that is a hidden command, because it's really useful.  In our case, I don't think we could have accomplished what we needed to without being able to select the specific public IP used for the tunnel.