Policy Based VPN

last person joined: 8 months ago

This is a legacy community with limited Juniper monitoring.

Back to discussions

Expand all | Collapse all

Jump to Best Answer

1. Policy Based VPN

0 Recommend
Arzo
Posted 12-05-2007 03:37
Dear All,
i used to configure policy based vpn from long time ago without any problems, i'm confused here that these days its not working unless i enable RIP on the trust interface !! which i do remember (or maybe i'm wrong)that i dont need to enable it !! anyone can help me please.. should the policy based VPN work without enabling RIP on the trust zone.. !!!
#config
#policy
#RIP
#vpn
#based
#routing
#configuration
2. RE: Policy Based VPN

0 Recommend
Erdem
Posted 12-05-2007 14:39
RIP is most definitely NOT required for policy-based VPNs. What error are you seeing in event log? Can you post relevant configs? In particular, IKE, VPN and tunnel policy configs.
3. RE: Policy Based VPN

0 Recommend
Erdem
Posted 12-05-2007 23:38
for your Trust and Untrust interfaces, you are using NAT or ROUTE?
4. RE: Policy Based VPN

0 Recommend
Arzo
Posted 12-06-2007 02:23
| view attached
thank you rkim and chintag for taking care of this issue, well.. here is the configuration for the hub and spoke1.. spoke2 is the same is spoke1 so i didnt send it.

the VPN is Active and UP on hun when i'm using RIP without enabling it on the trust interfaces, but its active and down on both spokes.

i used static routes and worked fine, but i need to use RIP. the configuration is with static, if you want me to configure it as RIP and send it i will. thanks a lot.

Attachment(s)

Desktop.zip 2 KB 1 version
5. RE: Policy Based VPN
Best Answer

0 Recommend
Erdem
Posted 12-06-2007 10:43
VPN shows active/down because VPN monitor is failing unless a route exists for the hub network. Out of curiosity, why are you using policy-based VPN for this? When using a dynamic routing protocol across VPNs, a route-based VPN is recommended. From the looks of your configs, I see no reason why you cannot use route-based. Due to the nature of RIP broadcasts or RIP/OSPF multicast, I don't recall either of these protocols work properly across policy-based VPNs.

My recommendation is change this to a route-based VPN and apply RIP on the tunnel interfaces.
6. RE: Policy Based VPN

0 Recommend
Arzo
Posted 12-08-2007 23:06
thank you so much for the great info, your efforts are appreciated.

Screen OS

Policy Based VPN

Arzo12-05-2007 03:37

Erdem12-05-2007 14:39

Erdem12-05-2007 23:38

Arzo12-06-2007 02:23

Erdem12-06-2007 10:43Best Answer

Arzo12-08-2007 23:06

1. Policy Based VPN

2. RE: Policy Based VPN

3. RE: Policy Based VPN

4. RE: Policy Based VPN

5. RE: Policy Based VPN Best Answer

6. RE: Policy Based VPN

5. RE: Policy Based VPN
Best Answer