[j-nsp] NetScreen SSG520: Should the "Untrust-Tun" Tunnel-Zone be used for route-based VPNs?
F J
ripprapp at hotmail.com
Wed Jun 10 17:32:28 EDT 2009
Hi,
We will migrate our existing NS204 to an SSG520.
In the NS204 we have a lot of route-based VPN tunnels bound to the Untrust Zone.
I have heard that you shouldn't do it like this and instead have a dedicated VPN Zone where the tunnels are terminated.
Am I Correct?
Is this what the predefined "Untrust-Tun" Zone is supposed to be used for?
If so I have another problem. Today our IPsec tunnels are unnumbered but in a "Tunnel Zone" (as Untrust-Tun is) the tunnel interface must have an IP-address?
Best Regards
/// Fredrik
_________________________________________________________________
Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
http://www.microsoft.com/windows/windowslive/products/photos.aspx
More information about the juniper-nsp
mailing list