SRX Services Gateway
Highlighted
SRX Services Gateway

More than 1 route based VPN on an interface

‎10-07-2015 08:25 AM

If I understand this correctly I should be able to do this. But I've been wrong before...

 

I use a SRX550 for multiple route based VPN's. In they have been set up with 1 public ip on the outbound interface, then bind the tunnel to it etc etc.

 

My question is... Can I have more than 1 VPN on the interface?

 

For example: 

ge-0/0/0 address 1.1.1.1

 

Tunnel 1:

ike-policy IKE-policy-12345;
address 100.100.100.100;
dead-peer-detection;
external-interface ge-0/0/0;

 

Of course all the other good stuff that goes with the Tunnel...

 

Then Tunnel2:

 

ike-policy IKE-policy-54321;
address 200.200.200.200;
dead-peer-detection;
external-interface ge-0/0/0;

 

+++ the rest of the config.

 

Basically I'd make sure there are no duplicates for external IP's EXECPT for the interface going out to the outside world.

 

Does that make sense? Can this be done?

 

 

2 REPLIES 2
SRX Services Gateway
Solution
Accepted by topic author sumcallmetim
‎10-07-2015 09:28 AM

Re: More than 1 route based VPN on an interface

‎10-07-2015 08:35 AM

Hi,

 

If I understand your question correctly, then of course you can!

 

Have a read below and see whether a Policy or Route based VPN best suits your needs.  Usually a Route Based VPN is the way to go.

 

http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring....

http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-policy-based-vpn-configuring...

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Highlighted
SRX Services Gateway

Re: More than 1 route based VPN on an interface

‎10-07-2015 09:29 AM

Fantastic!!! Route based is what I need for sure. Thanks! 

Feedback