SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  VPN with multiple subnets on each side (SRX to SSG)

    Posted 06-06-2013 15:07

    Hi, I need to create a VPN between SRX210 and SSG520M devices. Behind the SRX I have 4 LANs in 2 zones, behind the SSG 2 LANs in 2 zones. I know the SRX side a bit better, so I'll refer mostly to that side.

     

    How do I go about doing that? Can I just create basic IPSec (i.e. with wizard) on both sides and it will work?

     

    I know there are issues with Cisco, where Proxy-ID has to be set. Is this the case here too? If so, how is it done? 8 st interfaces on the SRX side, with VPN with Proxy-ID combination of source and destination net for each? Single numbered interface (with the same 8 VPNs)? Some other way?

     

    Sorry, I'm quite new to this subject, so any help would be great.



  • 2.  RE: VPN with multiple subnets on each side (SRX to SSG)
    Best Answer

    Posted 06-06-2013 15:32

    You can go with Policy-based VPNs or Route-based VPNs.  It depends on what your needs are for routing and/or connectivity from the LANs behind the SRX to/from the LANs behind the SSG (all to all, many to many, one to many, etc.)

     

    Either way will work, it's just a matter of making the configurations easier.

     

    You won't have to mess with Proxy IDs with Juniper-Juniper VPNs... Juniper devices are far more liberal with accepting Proxy IDs.

     

    If you could elaborate a little on what your needs are for communications between the secured LANs we can help guide you toward a good solution for your situation.
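
A route-based layout of the kind the answer above mentions, for the SRX side, as an added example that is not part of the original thread. All names, zones, interfaces and addresses are constructed placeholders (documentation ranges), and it assumes the SSG is also set up route-based with its default proxy ID.

```junos
# Added example, SRX side only. Every name and address below is a constructed placeholder.
# One tunnel interface and one VPN carry all subnets; no per-subnet-pair proxy ID is set.
set interfaces st0 unit 0 family inet
set security zones security-zone vpn interfaces st0.0

# IKE phase 1 towards the SSG (peer 203.0.113.2 and ge-0/0/0.0 are assumptions)
set security ike policy ike-ssg mode main
set security ike policy ike-ssg proposal-set standard
set security ike policy ike-ssg pre-shared-key ascii-text "REPLACE-WITH-SHARED-SECRET"
set security ike gateway gw-ssg ike-policy ike-ssg
set security ike gateway gw-ssg address 203.0.113.2
set security ike gateway gw-ssg external-interface ge-0/0/0.0
set security zones security-zone untrust host-inbound-traffic system-services ike

# IPsec phase 2, bound to the tunnel interface (this binding is what makes it route-based)
set security ipsec policy ipsec-ssg proposal-set standard
set security ipsec vpn vpn-ssg bind-interface st0.0
set security ipsec vpn vpn-ssg ike gateway gw-ssg
set security ipsec vpn vpn-ssg ike ipsec-policy ipsec-ssg
set security ipsec vpn vpn-ssg establish-tunnels immediately

# Routing selects what enters the tunnel: one static route per LAN behind the SSG
set routing-options static route 10.20.1.0/24 next-hop st0.0
set routing-options static route 10.20.2.0/24 next-hop st0.0

# Security policies decide which local zones may talk to the remote LANs.
# lan-a and lan-b stand in for the two SRX LAN zones; tighten "any" to address-book
# entries so only the intended subnets are permitted in each direction.
set security policies from-zone lan-a to-zone vpn policy a-to-vpn match source-address any destination-address any application any
set security policies from-zone lan-a to-zone vpn policy a-to-vpn then permit
set security policies from-zone vpn to-zone lan-a policy vpn-to-a match source-address any destination-address any application any
set security policies from-zone vpn to-zone lan-a policy vpn-to-a then permit
set security policies from-zone lan-b to-zone vpn policy b-to-vpn match source-address any destination-address any application any
set security policies from-zone lan-b to-zone vpn policy b-to-vpn then permit
set security policies from-zone vpn to-zone lan-b policy vpn-to-b match source-address any destination-address any application any
set security policies from-zone vpn to-zone lan-b policy vpn-to-b then permit
```

After commit, `show security ike security-associations` and `show security ipsec security-associations` confirm that both phases are up before testing traffic between the LANs.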



  • 3.  RE: VPN with multiple subnets on each side (SRX to SSG)

    Posted 06-06-2013 15:38

    I'll post some details later on for the reference of others that may have a similar problem. For now, the knowledge that route-based should work is good enough for me, hence accepting the reply as the solution 🙂

     

    Thanks,

    Carlos