Route based and policy based VPN over same vSRX devices
[ Edited ]
I am quite new to FW and after I've learned some basics about JunOS and SRX I am trying to configure some VPNs.
For the moment using this route based VPN KB i have managed to bring up the VPN between LAN10 host and LAN50 host, next i want to configure a policy based VPN between LAN60 host and LAN20 host following this policy based VPN KB.
If can you advise me on how to approach this because right now for me policy VPN is quite messy :).
I am working in EVE-NG with virtual devices.
Edit: dunno why i cannot upload picture, so here is my topology
Re: Route based and policy based VPN over same vSRX devices
Thanks for the diagram it makes it clearer what is going on.
I don't think you will be able to do a mix of route and policy vpn in this topology. Your two SRX are connecting vpn on the same gateway so the ike gateway session will be shared and this is really just one vpn with two subnets behind each SRX.
You will need to remove the route based vpn and replace it with the policy version.
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home