
SRX connecting over IPSEC to NSM

‎05-04-2011 06:27 AM

I got two sites with one SRX in each, connected over an IPSEC tunnel.

 

I've installed our NSM(xpress) in site1, but the SRX in site 2 can't access the NSM in site1 over IPSEC. Anyone know how to do this?

3 REPLIES

Re: SRX connecting over IPSEC to NSM

‎05-05-2011 07:59 AM

With Netscreens there used to be an option to specify the 'src-interface' to a tunnel interface.  SRX's seem a bit more flexible as to how self-generated traffic is routed out the device.  Are you using a route-based VPN on the SRX's?  If so, do you have a route for the NSM server pointing over the ST interface?

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL

Re: SRX connecting over IPSEC to NSM

‎04-12-2012 12:34 AM

I was facing the same problem (routing was set, else I would not even be able to remotely connect to the SRX).

In short: I had to change the primary IP of the managed srx.

 

I actually had this configuration:

Remote Site:

Vlan0
- Subnet1 (LAN)
- Subnet2 (Secondary LAN)

Management Site:
- Subnet3 (NSM)

Ipsec SA was Subnet2/Subnet3.

 

I connected the nsm to the srx at the secondary IP. But the device did not report back.

 

With a packet dump I could see that the device tried to connect to the remote site with the wrong IP address: subnet1.

When I saw this, I changed the vlan0 to the second subnet as primary, then the device connected just fine.
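
The check that the packet dump in the reply above made possible, as an added example that is not part of the original post: it compares captured source/destination pairs against the SA's Subnet2/Subnet3 selectors and lists the flows the tunnel will not carry. All addresses, the capture lines and the function names are constructed for illustration; the thread gives no addresses.

```python
import ipaddress

# Constructed values (assumptions): the thread names only Subnet1/2/3.
SUBNET1 = ipaddress.ip_network("192.0.2.0/25")     # remote LAN, primary on vlan0
SUBNET2 = ipaddress.ip_network("192.0.2.128/25")   # remote secondary LAN
SUBNET3 = ipaddress.ip_network("198.51.100.0/24")  # management site (NSM)

# Selectors of the negotiated IPsec SA as (local, remote): Subnet2/Subnet3.
SA_SELECTORS = [(SUBNET2, SUBNET3)]

# Constructed capture summary, one "src > dst" pair per line.
CAPTURE = """\
192.0.2.1 > 198.51.100.10
192.0.2.129 > 198.51.100.10
192.0.2.1 > 198.51.100.10
"""


def matches_sa(src, dst, selectors=SA_SELECTORS):
    """True if the flow (given as address strings) fits a selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in local and d in remote for local, remote in selectors)


def unprotected_flows(capture, selectors=SA_SELECTORS):
    """Return the sorted (src, dst) pairs that no SA selector covers."""
    missed = set()
    for line in capture.splitlines():
        if ">" not in line:
            continue  # skip anything that is not a "src > dst" line
        src, dst = (part.strip() for part in line.split(">", 1))
        if not matches_sa(src, dst, selectors):
            missed.add((src, dst))
    return sorted(missed)


if __name__ == "__main__":
    for src, dst in unprotected_flows(CAPTURE):
        print(f"{src} -> {dst}: source is outside the SA's local selector")
```

A flow reported here is sourced from an address the SA was not negotiated for, which is the situation the poster resolved by making Subnet2 the primary address on vlan0.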


Re: SRX connecting over IPSEC to NSM

‎04-13-2012 04:08 AM

trondvh wrote:

I got two sites with one SRX in each, connected over an IPSEC tunnel.

 

I've installed our NSM(xpress) in site1, but the SRX in site 2 can't access the NSM in site1 over IPSEC. Anyone know how to do this?


Really hard to help you with this little information. Can you give us some more details?

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860