SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  three site VPN

    Posted 04-28-2015 10:14

    Hi, good evening.

    I have a network like this:

    3.3.3.3 <----> 2.2.2.2 <----> 1.1.1.1

    VPN-A             VPN-B            VPN-C

     

    I need to reach 3.3.3.3 from 1.1.1.1 over the VPN, but the traffic and policy on 3.3.3.3 do not accept any traffic unless it comes from 2.2.2.2. Please help me.

     



  • 2.  RE: three site VPN

    Posted 04-29-2015 03:17

    Hi elbeshti mohamed,

     

    When you mention VPN, do you mean IPsec VPN?

    I assume you are running a hub and spoke VPN and that "2.2.2.2" is your hub.

    Could you share the configuration of this router?

     

     



  • 3.  RE: three site VPN

    Posted 04-29-2015 03:43

    The three routers are site-to-site VPN. On the router in VPN-A with IP 3.3.3.3, the address-book in the untrust zone is 1.1.1.0/24 only; they do not know the LAN of VPN-B with IP 2.2.2.0/24.



  • 4.  RE: three site VPN
    Best Answer

     
    Posted 04-29-2015 03:45

    Have a look at the link I pasted below. It gives you a nice example and config statements for hub-and-spoke IPsec VPN configuration.

     

    https://www.juniper.net/documentation/en_US/junos11.4/topics/example/ipsec-hub-and-spoke-configuring.html



  • 5.  RE: three site VPN

     
    Posted 04-29-2015 03:55

    First you need to set a route from the A site over the B site to the C site 🙂

     

    Something like this:

     

    bla@routera# set routing-options static route 2.2.2.0/24 next-hop st0.x

     

     

    On router C you do the opposite:

     

    bla@routerc# set routing-options static route 1.1.1.0/24 next-hop st0.x

     

     

    You need to have policies in place on both the "hub" and both spokes to accept traffic from each other.
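
The hub side of the policies mentioned in the last reply, as an added example that is not from any poster in this thread or from the linked Juniper document. Assumptions: the hub has one tunnel interface per spoke (st0.0 toward site A, st0.1 toward site C), both placed in a zone named vpn, and the spoke LANs are 3.3.3.0/24 and 1.1.1.0/24; the zone, address and policy names are hypothetical.

```junos
# Hub (site B) only. Assumed, not stated in the thread: st0.0 faces site A,
# st0.1 faces site C, both in a zone named "vpn"; site A LAN is 3.3.3.0/24
# and site C LAN is 1.1.1.0/24.
set security zones security-zone vpn interfaces st0.0
set security zones security-zone vpn interfaces st0.1
set security zones security-zone vpn address-book address site-a-lan 3.3.3.0/24
set security zones security-zone vpn address-book address site-c-lan 1.1.1.0/24

# Routes on the hub toward each spoke LAN through its tunnel interface.
set routing-options static route 3.3.3.0/24 next-hop st0.0
set routing-options static route 1.1.1.0/24 next-hop st0.1

# Spoke-to-spoke traffic enters and leaves through the same zone. The SRX
# denies it by default, so an explicit intra-zone policy is needed, scoped
# to the two spoke LANs rather than "any".
set security policies from-zone vpn to-zone vpn policy a-to-c match source-address site-a-lan
set security policies from-zone vpn to-zone vpn policy a-to-c match destination-address site-c-lan
set security policies from-zone vpn to-zone vpn policy a-to-c match application any
set security policies from-zone vpn to-zone vpn policy a-to-c then permit

set security policies from-zone vpn to-zone vpn policy c-to-a match source-address site-c-lan
set security policies from-zone vpn to-zone vpn policy c-to-a match destination-address site-a-lan
set security policies from-zone vpn to-zone vpn policy c-to-a match application any
set security policies from-zone vpn to-zone vpn policy c-to-a then permit
```

Each spoke additionally needs the remote spoke's LAN in its own address-book and policy for the zone holding its st0 interface, which is the gap described in post 3.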