SRX Services Gateway

Hub-n-spoke multipoint VPN configuration on SRX650

‎02-06-2014 06:42 AM

Hello! I'm going to configure a multipoint hub-and-spoke VPN on two SRX650s in cluster mode like this: http://www.juniper.net/techpubs/en_US/junos11.4/topics/example/vpn-hub-spoke-nhtb-example-configurin...

 

But I also want to have two redundant ISPs on the hub and also provide access to the Internet by NAT service on the hub to the spokes' local networks. It should behave like this: the VPN should connect to the hub through ISP1 and NAT should work on ISP2; if ISP1 fails, then the VPN should connect through ISP2.

 

Is there any possibility to achieve the task? I'm thinking about FBF but don't know how to apply it on the ST0 interface...

2 REPLIES

Re: Hub-n-spoke multipoint VPN configuration on SRX650

‎02-06-2014 11:38 PM

To initially set up your hub/spoke topology, I would start here: http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-hub-and-spoke-configuring.ht...

 

There are enough topics in the forum about "Multi ISP failover setups". Just have a look; they will also show you how to set up NAT.

 

Of course you can NAT traffic from your "spokes" towards ISP1 and ISP2. I would use OSPF to advertise a default route to the spokes for their "local networks" to make NAT work over the VPN.

 

 

Marc




Re: Hub-n-spoke multipoint VPN configuration on SRX650

‎02-10-2014 06:06 AM

Thanks for your reply! I did the VPN backup route, but the last thing I don't know is how to manage the traffic from the VPN tunnels so that it does not use the default gateway and goes to the routing instance default route. Since there is no possibility to use firewall filters on st0 interfaces, how do I use FBF for tunnel traffic?