SRX Services Gateway
Highlighted
SRX Services Gateway

changing vpn endpoints

10.22.10   |  
‎10-22-2010 07:49 AM

while working on a vpn tunnel (from an srx210 to an srx240), we are migrating to a new isp on one side. simply changing the ike gateway remote address did not update the firewall to actually send ike packets to the new endpoint. i had to delete the ike gateway, ike policy, ipsec policy and ipsec vpn sections, commit and then rollback. 

 

fyi

3 REPLIES
SRX Services Gateway

Re: changing vpn endpoints

10.23.10   |  
‎10-23-2010 07:03 AM

Uh clear security ike security-associatents might have done the trick.........

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
SRX Services Gateway

Re: changing vpn endpoints

10.23.10   |  
‎10-23-2010 07:41 AM

oh yeah, forgot to mention that i cleared all relating ike and ipsec security-associations, and it still kept trying the old endpoint.

SRX Services Gateway

Re: changing vpn endpoints

11.01.10   |  
‎11-01-2010 06:30 AM

The only way I've been able to get around this is to deactivate the VPN, commit the changes, and then re-activate.