SRX Services Gateway

Tunnels with different IPs terminating on same physical interface

01-09-2015 09:19 AM

In order to create tunnels to our various AWS VPC instances, I need a separate public IP for each tunnel. I have a /29 public network P2P block, as well as a /27 block that's statically routed to our P2P block. Can I use the same external interface for the VPN connections and use source NAT to ensure the replies come from the correct IP address?


For example, my P2P block is 1.1.1.0/29. 1.1.1.1 is the ISP router, and 1.1.1.2-.6 are usable, with 1.1.1.7 as the broadcast. I also have 1.1.2.0/27 as a usable block that is statically routed to my P2P block. Can I set 1.1.2.1 as the tunnel endpoint, and use source NAT to make replies come from that IP?


Re: Tunnels with different IPs terminating on same physical interface

01-09-2015 02:02 PM

For anyone trying to do this, it works. I had to do a few things:


  1. Set proxy-arp on the external interface
  2. Create a new security nat source rule-set, using from zone junos-host and to zone untrust
  3. Set up standard source NAT rules
  4. Profit

Tunnels came up after adding this configuration.
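The three steps above, written out as Junos set commands. This is an added example, not the poster's configuration: the interface name ge-0/0/0, the pool and rule-set names, and the AWS peer addresses (AWS_PEER_1 / AWS_PEER_2 are placeholders) are assumed; the address blocks are the ones from the question, extended to two tunnel endpoints.

```junos
# Lines starting with '#' are annotations; drop them when pasting into the CLI.

# 1. The /29 P2P address stays on the external interface. Proxy-ARP makes the
#    SRX answer ARP for the /27 tunnel-endpoint addresses on that interface.
set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.2/29
set security zones security-zone untrust interfaces ge-0/0/0.0
set security nat proxy-arp interface ge-0/0/0.0 address 1.1.2.1/32
set security nat proxy-arp interface ge-0/0/0.0 address 1.1.2.2/32

# 2. One source-NAT pool per tunnel endpoint address (each AWS VPN needs its
#    own customer-gateway IP, so each tunnel gets its own pool).
set security nat source pool aws-endpoint-1 address 1.1.2.1/32
set security nat source pool aws-endpoint-2 address 1.1.2.2/32

# 3. Rule-set from zone junos-host (traffic the SRX itself originates, i.e.
#    IKE/ESP) to zone untrust. Each rule pins one AWS peer to one pool so
#    replies leave from the endpoint address AWS expects.
set security nat source rule-set self-to-aws from zone junos-host
set security nat source rule-set self-to-aws to zone untrust
set security nat source rule-set self-to-aws rule aws-1 match destination-address AWS_PEER_1/32
set security nat source rule-set self-to-aws rule aws-1 then source-nat pool aws-endpoint-1
set security nat source rule-set self-to-aws rule aws-2 match destination-address AWS_PEER_2/32
set security nat source rule-set self-to-aws rule aws-2 then source-nat pool aws-endpoint-2

# Check after commit: the rules should show translation hits once IKE starts,
# and the IKE SAs should come up with the remote AWS peer addresses.
show security nat source rule all
show security ike security-associations
```

The IKE gateways for the tunnels keep ge-0/0/0.0 as their external-interface; the source NAT rewrites the outgoing IKE and ESP source address, and proxy-ARP lets the inbound half reach the SRX.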


Re: Tunnels with different IPs terminating on same physical interface

06-18-2015 12:38 AM

Has anyone else set up multiple AWS tunnels to a single SRX? Is there a detailed example of how?