SRX Services Gateway
Highlighted
SRX Services Gateway

Multiple Address Pools for dyn-vpn?

[ Edited ]
2 weeks ago

Hi,

We've recently added a second range to our VPN set up (couldn't expand the range because of overlap) and whilst most things are working I have an issue with users hitting our proxy, I think I've narrowed it down the the access second of the SRX config but not 100%.

 

Anyway, I've created a new address-pool with the new range in, but i'm struggling to work out who I can add multiple pools to the profile (like you can in ASA)

 

access {
    profile dyn-vpn-access-profile {
        authentication-order securid;
        client XXXX_All_Users client-group XXXX_All_Users;
        address-assignment {
            pool dyn-vpn-address-pool;
        }
    }
    address-assignment {
        pool dyn-vpn-address-pool {
            family inet {
                network x.x.x.x/23;
                xauth-attributes {
                    primary-dns x.x.x.x/32;
                }
            }
        }
    }
    securid-server {
        XXXXX001 configuration-file /var/db/securid/xxxxxxxxxx/sdconf.rec;
    }
    firewall-authentication {
        web-authentication {
            default-profile dyn-vpn-access-profile;
        }
    }
}

 

I'd like to be able to add dyn-vpn-address-pool2 to the profile address-assignment along with the existing dyn-vpn-address-pool

 

pool dyn-vpn-address-pool2 {
family inet {
network x.x.x.x/23;
xauth-attributes {
primary-dns x.x.x.x/32;

Is this even possible?

 

Thanks in advance.