[j-nsp] SRX/J VPN BGP with multiple proxy-ids
Michael Dale
mdale at dalegroup.net
Wed Feb 3 22:15:21 EST 2010
> Somebody needs to open an enhancement request to allow multiple Proxy-IDs to
> be configured for a Route-based VPN.
This was added in ScreenOS 6.3
http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_rn_r2.pdf
"Support for Multiple Proxy IDs Over Route-Based VPN—ScreenOS 6.3.0 supports multiple proxy IDs on a route-based VPN. If multiple tunnels exist between peers, the security device uses proxy IDs to route the traffic through a particular tunnel. For each proxy ID, a specific tunnel and Phase 2 SA are associated. When traffic matching a proxy ID arrives, the security device does a proxy-ID check to route that traffic. If multiple proxy IDs are defined for a route-based VPN, a proxy ID check is always performed, even if it is disabled. In a hub-and-spoke topology, proxy IDs should be defined for both hub-to-spoke and spoke-to-spoke configurations."
Not sure about the SRX unfortunately.
Thanks,
Michael.
More information about the juniper-nsp
mailing list