Screen OS

  • 1.  Site-to-site vpn with specific hosts

    Posted 07-18-2009 23:34

    Hi,

    Currently I have configured a site-to-site VPN for a customer, which works fine, but I have a request from that customer that he needs it for a specific host, e.g. (mail server in the branch with mail server in HO). Is it possible with a policy-based VPN, and how do I achieve it?



  • 2.  RE: Site-to-site vpn with specific hosts

    Posted 07-19-2009 00:40

    Do you mean that instead of a whole range of IPs you want to just specify a host? If yes, that's definitely possible just by changing the policy.

    Or did you mean that in addition to the site-to-site you want another VPN to the same gateway but with only the specific host?

    That's still doable by creating another policy and using the same VPN. The host that matches the new policy will have a different SA.



  • 3.  RE: Site-to-site vpn with specific hosts

    Posted 07-19-2009 00:51

    Yes, instead of the whole range of IPs I need specific hosts to communicate. Do I just need to add the hosts in the policy, or is there another way?



  • 4.  RE: Site-to-site vpn with specific hosts
    Best Answer

    Posted 07-19-2009 12:43

    For Route based VPN:

     

    1) Add a route for the particular address for the tunnel

          e.g.: set route x.x.x.x/32 int tunnel.1

    2) Verify that policy is allowing that IP address

     

     

    For Policy Based VPN:

     

    1) Add the IP address on the VPN policy

    2) Verify the routes

     

    Thanks

    Atif
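
Both variants from the answer above, written out as a ScreenOS configuration sketch for the branch firewall. This is an added example, not part of the original thread. The addresses (192.0.2.10, 198.51.100.10), the address-book names, the VPN name "to-ho", the zone names and the placement of tunnel.1 in the Untrust zone are all assumptions; lines starting with # are annotations, not commands.

```screenos
# --- Assumed values (not from the thread) ---
# Branch mail server: 192.0.2.10     (zone Trust)
# HO mail server:     198.51.100.10  (zone Untrust)
# Existing VPN name:  to-ho

# Address-book entries for the two hosts (/32 = single host)
set address "Trust" "mail-branch" 192.0.2.10/32
set address "Untrust" "mail-ho" 198.51.100.10/32

# --- Variant A: policy-based VPN ---
# One tunnel policy per direction, limited to the two hosts and to the
# predefined MAIL (SMTP) service instead of whole subnets and "any".
set policy from "Trust" to "Untrust" "mail-branch" "mail-ho" "MAIL" tunnel vpn "to-ho"
set policy from "Untrust" to "Trust" "mail-ho" "mail-branch" "MAIL" tunnel vpn "to-ho"

# --- Variant B: route-based VPN (tunnel.1 assumed bound to "to-ho") ---
# Host route into the tunnel, as in step 1 of the answer
set route 198.51.100.10/32 interface tunnel.1
# Ordinary permit policies that allow only the two hosts (step 2)
set policy from "Trust" to "Untrust" "mail-branch" "mail-ho" "MAIL" permit
set policy from "Untrust" to "Trust" "mail-ho" "mail-branch" "MAIL" permit

# --- Checks after committing either variant ---
# Confirm the policy set, that the host resolves to the expected route,
# and that an SA exists for the VPN
get policy
get route ip 198.51.100.10
get sa
```

With the policy-based variant the proxy ID is derived from the policy's addresses and service, so the HO firewall needs the mirror-image policy or Phase 2 will not come up. In either variant, remove or disable the earlier subnet-wide policy; otherwise the other hosts can still use the tunnel.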