12-08-2010 07:24 PM - edited 12-08-2010 07:38 PM
Hi JNet experts,
I am trying to set up the dynamic VPN as a non-split VPN. All user traffic will be forwarded through the VPN tunnel and then routed to the Internet from the SRX. Is it possible to do that?
Thanks,
rotearc
12-12-2010 06:15 PM
I got it to work; it is quite interesting. I have the VPN terminated in the vpn zone, and I need to set up a NAT rule and a firewall policy to allow traffic from the untrust zone to the untrust zone. Also, the remote resource is 0.0.0.0/0 in my case.
    /* Remote users arrive in untrust; this policy pulls their traffic into the dynamic VPN tunnel */
    from-zone untrust to-zone vpn {
        policy policy_in_wizard_dyn_vpn {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit {
                    tunnel {
                        ipsec-vpn wizard_dyn_vpn;
                    }
                }
            }
        }
    }
    /* Decrypted traffic from the VPN client pool is hairpinned back out to the Internet;
       the source match restricts this to tunnelled clients only */
    from-zone untrust to-zone untrust {
        policy stupid-vpn-poilicy {
            match {
                source-address 10.10.3.248/29;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
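The post mentions the NAT rule but does not show it. As an added example (not from the original post), here is an interface-based source NAT rule-set for the untrust-to-untrust hairpin, assuming the same client pool 10.10.3.248/29 as above; the rule-set and rule names are made up for illustration.

```junos
security {
    nat {
        source {
            /* Match only the dynamic VPN client pool so that nothing else
               arriving in untrust is translated and hairpinned to the Internet */
            rule-set dynvpn-to-internet {
                from zone untrust;
                to zone untrust;
                rule dynvpn-hairpin {
                    match {
                        source-address 10.10.3.248/29;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            /* Translate to the egress (untrust) interface address */
                            interface;
                        }
                    }
                }
            }
        }
    }
}
```

Keeping the NAT match and the untrust-to-untrust policy both scoped to the client pool means the only source that can turn around on the untrust interface is decrypted tunnel traffic; other untrust-to-untrust traffic still falls to the default deny.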