SRX Services Gateway
SRX Services Gateway

Site to Site VPN between SRX210 (HA Cluster) and Standalone Cisco ASA

‎03-02-2017 01:38 AM

Hi

 

I need to configure Site to Site IPsec route based VPN between SRX210 (HA cluster) and standalone Cisco ASA.

 

Please share sample configuration for same.

 

Quick response is highly appreciated.

4 REPLIES 4
SRX Services Gateway

Re: Site to Site VPN between SRX210 (HA Cluster) and Standalone Cisco ASA

‎03-02-2017 01:45 AM

Hello ,

 

Please check the following  :

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28120&actp=search


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
SRX Services Gateway

Re: Site to Site VPN between SRX210 (HA Cluster) and Standalone Cisco ASA

‎03-02-2017 01:47 AM

Hello ,

 

To add , the only difference from the above doc is that , in SRX cluster we use reth interface instead of "ge-" as per in the doc .


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....
SRX Services Gateway

Re: Site to Site VPN between SRX210 (HA Cluster) and Standalone Cisco ASA

‎03-02-2017 02:43 AM

I have revied the URL as suggested and edit some portion

 

Please advise whether I need to edit these for redundant ethernet section and rest all remain same except IP addressess and pre-shared keys for building configuration

 

gateway gw-chicago {
            ike-policy ike-phase1-policy;
            address 100.1.1.1;
            external-interface reth-0/0/0.0;


        }

interfaces {
                reth-0/0/0.0;
                st0.0;

SRX Services Gateway

Re: Site to Site VPN between SRX210 (HA Cluster) and Standalone Cisco ASA

‎03-02-2017 03:06 AM

hello ,

 

Correct , its not reth-0/0/0.0  , its reth0.0  .

 

 

gateway gw-chicago {
            ike-policy ike-phase1-policy;
            address 100.1.1.1;
            external-interface reth0.0;


        }

interfaces {
                reth0.0;
                st0.0

 

In SRx cluster , the physical interfaces will be conversted to reduntent interfaces named as "reth "

 

eg:

ge-0/0/3.0              up    down aenet    --> reth0.0
ge-9/0/3.0              up    down aenet    --> reth0.0
reth0                  up    down
reth0.0                 up    down inet     192.168.34.5/24

 

 


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....