SRX Services Gateway
Reply
Contributor
jyokoyama
Posts: 13
Registered: ‎10-01-2010
0

changing vpn endpoints

while working on a vpn tunnel (from an srx210 to an srx240), we are migrating to a new isp on one side. simply changing the ike gateway remote address did not update the firewall to actually send ike packets to the new endpoint. i had to delete the ike gateway, ike policy, ipsec policy and ipsec vpn sections, commit and then rollback. 

 

fyi

Distinguished Expert
Screenie
Posts: 1,080
Registered: ‎01-10-2008
0

Re: changing vpn endpoints

Uh clear security ike security-associatents might have done the trick.........

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
jyokoyama
Posts: 13
Registered: ‎10-01-2010
0

Re: changing vpn endpoints

oh yeah, forgot to mention that i cleared all relating ike and ipsec security-associations, and it still kept trying the old endpoint.

Contributor
dscott98
Posts: 38
Registered: ‎09-04-2010
0

Re: changing vpn endpoints

The only way I've been able to get around this is to deactivate the VPN, commit the changes, and then re-activate.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.