SRX Services Gateway
SRX Services Gateway

Two IPsec tunnels, SRX.

[ Edited ]
‎02-13-2020 07:30 AM

Hi there,

I am trying to create a solution where interesting traffic can traverse two IPsec tunnels between the same two firewalls, please see topology attached:


The issue i am having is only one of the vpn's is working and the other is down:

show security ike security-associations
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address
4781957 UP     f18ee9deae57e28f  cf6828432f53694f  IKEv2
4782025 DOWN   dbba261f6ed738c4  0000000000000000  IKEv2

including the tunnel interface which is in a up down state.


I want both VPN tunnels up at the same time and interesting traffic able too use both tunnels st0.1 and st0.2. They key requirement for me is to use one physical external interface for both VPN's on each side.


Can anyone assist me on a solution for getting both VPN tunnels to be running at the same time. I currently have full connectivity using st0.1


Eventually, I will use ECMP over the two VPN's but firstly need to get the second up.


Any help would be appreciated. Please ask if further detail is needed.



SRX Services Gateway

Re: Two IPsec tunnels, SRX.

‎02-16-2020 06:00 AM

Any advice on why the second VPN is not coming up would be appreciated.

SRX Services Gateway

Re: Two IPsec tunnels, SRX.

‎02-16-2020 06:14 AM



Please see if this forum post from 2011 helps





Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements


Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway
Accepted by topic author jjelliott1821
‎02-29-2020 01:12 PM

Re: Two IPsec tunnels, SRX.

‎02-29-2020 01:12 PM

Resolved this in the end, proxy-identities can be used to uniquely identify each IPsec tunnel, as long as this is different for each ipsec tunnel they will come up.