[j-nsp] IPSEC dynamic peers in JUNOS
Wink
dwinkworth at wi.rr.com
Tue Nov 13 21:20:19 EST 2007
All:
First, whats up Tray?
Second, what experience do you all have with dynamic IPSec peers in
JUNOS? Looking at the documentation, it seems we would practically need
a public IP for every remote dynamic peer customer, since we can't share
the same key with multiple customers per our security policy (only one
pre-shared key per service-set, and only one service-set per public
IP). Also since you can't use the same local-gateway in multiple
service-sets, and obviously can't map a PIC service-interface to
multiple VRFs.... that means a public IP per dynamic peer customer.
For us, that would mean a lot of public IPs.
Any creative workarounds out there?
D
More information about the juniper-nsp
mailing list