SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
jyokoyama
Contributor
jyokoyama
Posts: 13
Registered: ‎10-01-2010
0

changing vpn endpoints

Options

‎10-22-2010 07:49 AM

while working on a vpn tunnel (from an srx210 to an srx240), we are migrating to a new isp on one side. simply changing the ike gateway remote address did not update the firewall to actually send ike packets to the new endpoint. i had to delete the ike gateway, ike policy, ipsec policy and ipsec vpn sections, commit and then rollback. 

 

fyi

Message 1 of 4 (3,875 Views)
 
Reply
Distinguished Expert
Distinguished Expert
Screenie
Posts: 942
Registered: ‎01-10-2008
0

Re: changing vpn endpoints

Options

‎10-23-2010 07:03 AM

Uh clear security ike security-associatents might have done the trick.........

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 2 of 4 (3,846 Views)
 
Reply
jyokoyama
Contributor
jyokoyama
Posts: 13
Registered: ‎10-01-2010
0

Re: changing vpn endpoints

Options

‎10-23-2010 07:41 AM

oh yeah, forgot to mention that i cleared all relating ike and ipsec security-associations, and it still kept trying the old endpoint.

Message 3 of 4 (3,840 Views)
 
Reply
dscott98
Contributor
dscott98
Posts: 32
Registered: ‎09-04-2010
0

Re: changing vpn endpoints

Options

‎11-01-2010 06:30 AM

The only way I've been able to get around this is to deactivate the VPN, commit the changes, and then re-activate.

Message 4 of 4 (3,630 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.