SRX Services Gateway

dynamic vpn

‎07-14-2016 06:39 AM

Hello,

I am wanting to configure dynamic VPN to allow multiple clients to connect. Each client may have a different IP to a device/server directly connected to SRX. I have configured the basic dynamic VPN, but need assistance in configuring the ports, NATs, etc. I do appreciate it.

client1-------->internet------->srx----->server1 10.30.4.0/24 on fe-0/0/5 

client2------->internet-------->srx----->server2 10.30.8.0/24 on fe-0/0/6

client3------>internet--------->srx----->server3 10.30.x.x/24 on fe-0/0/7


Re: dynamic vpn

‎07-14-2016 10:29 AM

Hello,

I apologize, but I was not able to get your requirement completely with the NAT in the above-described scenario.

I went through your configuration as well and it looks good. All the dynamic VPN clients, when connected, will get an IP address from pool 10.10.10.0/24, and all of them have access to servers in the 10.0.0.0/8, 10.30.4.0/24, 10.30.8.0/24 subnets in the trust zone. The policy is also configured fine to allow the dynamic VPN clients from the untrust zone to access servers in the trust zone.

The only missing part, in my opinion, is the route for these three server subnets, because the vlan interface is on subnet 192.168.1.0/24 and it will not create the route for the above 3 subnets; hence you need to add static routes for these destinations to point towards the vlan.0 interface.

Also, if you have any requirement w.r.t. NAT, then please share it so that I can help.

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.


Re: dynamic vpn

‎07-15-2016 04:02 AM

PulkitB,

Thank you for your time. For adding the static route, is this what you meant?

set routing-options static route xxxx/24 next-hop xxxx


Re: dynamic vpn

‎07-15-2016 04:12 AM

Hello,

Yes, that is exactly what I meant.

Thanks,

Pulkit Bhandari
