[j-nsp] NetScreen SSG520: Should the "Untrust-Tun" Tunnel-Zone be used for route-based VPNs?

F J ripprapp at hotmail.com
Wed Jun 10 17:32:28 EDT 2009


Hi, 
We will migrate our existing NS204 to an SSG520.

In the NS204 we have a lot of route-based VPN tunnels bound to the Untrust Zone.

I have heard that you shouldn't do it like this and should instead have a dedicated VPN Zone where the tunnels are terminated.
Am I correct?

Is this what the predefined "Untrust-Tun" Zone is supposed to be used for?

If so, I have another problem. Today our IPsec tunnels are unnumbered, but in a "Tunnel Zone" (as Untrust-Tun is) the tunnel interface must have an IP address?

Best Regards
/// Fredrik