Message Image

Skip main navigation (Press Enter).

SRX

last person joined: 2 days ago

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

route based vpn and nat on srx version 12.1

Jump to Best Answer

Erdem07-15-2014 18:13

I have an old SRX650 with route based vpn running to several remote srx. This has worked fine for years. ...

Erdem07-15-2014 19:53Best Answer

Hi jmcgrady, I understand that 2 vpn tunnels is not coming after upgrade. Configure the ...

1. route based vpn and nat on srx version 12.1

0 Recommend
Erdem
Posted 07-15-2014 18:13

Reply Reply Privately
I have an old SRX650 with route based vpn running to several remote srx. This has worked fine for years. I just tried updating the 650 to junos 12.1X44 D35.5 - after which two of the vpn tunnels would not come up. These two, unlike the others, have a static nat in effect at the remote end. Has Juniper changed the way ipsec vpn works through a NAT recently?
2. RE: route based vpn and nat on srx version 12.1
Best Answer

0 Recommend
Erdem
Posted 07-15-2014 19:53

Reply Reply Privately
Hi jmcgrady,

I understand that 2 vpn tunnels is not coming after upgrade.

Configure the following configuration line for those vpn tunnels.

set security ike gateway <gateway_name> general-ikeid

http://kb.juniper.net/InfoCenter/index?page=content&id=KB27302
http://kb.juniper.net/InfoCenter/index?page=content&id=KB25462

General Ike ID configuration is bypass ID validation for NAT scenario's.

Regards
rparthi

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

Powered by Higher Logic