SRX Services Gateway

How to change SRX route-based VPN proxy id

‎07-12-2011 01:03 PM
Hi there,

I've searched the Junos security config guide and this forum too, but it's still unclear how to manually set the proxy-id for a route-based VPN. The manuals just said it has to match on both ends, but they didn't mention how to set it up to match the other end, especially when the other end is a 3rd party device.

Also, is there a way to use "ip unnumbered" like on SSG for the st0 interface? If the SRX is connecting to a 3rd party VPN endpoint, they don't care about the st0 interface IP at all. So does it matter which IP to use? I just tested in our lab connecting an SRX to an SSG and I didn't set any IP address on st0.0 at all. The VPN tunnel seems to be working too. So I wonder what's the point of the st0 IP?

Rgds,
Lawrence
5 REPLIES

Re: How to change SRX route-based VPN proxy id

‎07-12-2011 01:55 PM

root@SRX5800# set ike proxy-identity local 10.0.0.0/8 remote 192.168.1.0/24

 


Re: How to change SRX route-based VPN proxy id

‎07-12-2011 02:03 PM

... correction

 

set security ipsec vpn vpn-name ike proxy-identity local 10.0.0.0/8 remote 192.168.1.0/24 service any

Solution
Accepted by topic author fire2power
‎08-26-2015 01:27 AM

Re: How to change SRX route-based VPN proxy id

‎07-12-2011 02:27 PM

Guess it is important to provide the configuration stanza. Sorry about that!

 

[edit security ipsec vpn vpn-name]

root@SRX5800# set ike proxy-identity local 10.0.0.0/8 remote 192.168.1.0/24

 


Thanks for catching that, oldtimer. Appreciate it.
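The question in this thread notes that the proxy ID has to match on both ends; in practice each end's local network must be the other end's remote network. The following check is an added example, not part of the original thread or any Juniper tool: it parses `proxy-identity` set commands in the form shown above and reports where two ends fail to mirror each other. The VPN names, sample configurations and function names are constructed for illustration.

```python
import ipaddress
import re

# Statement form used in this thread; local/remote/service may share one line or be split.
STATEMENT = re.compile(r"set security ipsec vpn (?P<vpn>\S+) ike proxy-identity (?P<rest>.+)")


def parse_proxy_ids(config_text):
    """Return {vpn_name: {"local": net, "remote": net, "service": name}} from set commands."""
    vpns = {}
    for line in config_text.splitlines():
        match = STATEMENT.match(line.strip())
        if not match:
            continue
        # Assumption: an unspecified service is treated as "any".
        entry = vpns.setdefault(match.group("vpn"), {"service": "any"})
        tokens = match.group("rest").split()
        for key, value in zip(tokens[0::2], tokens[1::2]):
            if key in ("local", "remote"):
                entry[key] = ipaddress.ip_network(value, strict=False)
            elif key == "service":
                entry[key] = value
    return vpns


def mirror_mismatches(this_end, peer_end):
    """Describe every field where this end's proxy ID is not the mirror of the peer's."""
    checks = [("local", "remote"), ("remote", "local"), ("service", "service")]
    return [
        f"{mine}={this_end.get(mine)} but peer {theirs}={peer_end.get(theirs)}"
        for mine, theirs in checks
        if this_end.get(mine) != peer_end.get(theirs)
    ]


# Constructed sample configurations (not taken from real devices).
SITE_A = "set security ipsec vpn to-site-b ike proxy-identity local 10.0.0.0/8 remote 192.168.1.0/24 service any"
SITE_B_OK = """
set security ipsec vpn to-site-a ike proxy-identity local 192.168.1.0/24
set security ipsec vpn to-site-a ike proxy-identity remote 10.0.0.0/8
"""
SITE_B_BAD = "set security ipsec vpn to-site-a ike proxy-identity local 192.168.1.0/24 remote 10.0.0.0/16"

if __name__ == "__main__":
    a = parse_proxy_ids(SITE_A)["to-site-b"]
    for label, text in (("matching peer", SITE_B_OK), ("mismatched peer", SITE_B_BAD)):
        b = parse_proxy_ids(text)["to-site-a"]
        print(label, mirror_mismatches(a, b) or "proxy IDs mirror each other")
```
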


Re: How to change SRX route-based VPN proxy id

‎07-12-2011 03:27 PM
Thanks all. I'll test it in lab later on.

Re: How to change SRX route-based VPN proxy id

‎01-22-2015 04:32 AM

Sorry, but I need to ask this question ...

What is the purpose of specifying proxy-id?

Ajaz Nawaz
JNCIE-SEC#254 CCIE#15721
JNCIA-FWV | JNCIS-FWV
JNCIA-JUNOS | JNCIS-SEC
JNCIP-SEC | JNCIE-SEC
CCNP-Collaboration