[j-nsp] Multi-proxy IDS on route based VPN (SRX)
Patrick Dickey
dickeypjeep at yahoo.com
Wed Aug 29 13:22:18 EDT 2012
I can think of two options: Use GRE so you don't have to worry about the
multiple proxy IDs. Not sure this would work for you with multi-site though.
You can create multiple proxy-ids using different/several phase 2 tunnels
with the same/single phase 1 gateway. This is a bit tedious, but I'd think
it could work for you.
Patrick
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of mahmoud yasin
Sent: Wednesday, August 29, 2012 2:34 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Multi-proxy IDS on route based VPN (SRX)
Hi
I have SRX and want to setup Site-Site VPN with another vendor (Cisco), but
i have the following conditions;
- I have more than one site to create VPN with it.
- There are multible subnets on each VPN tunnel.
- The private Subnets are overlapping (so i have to use NAT over the VPN).
based on this i think that i have to go with route based VPN (due to the
required NATing), am i right?
if so then i have to create multi proxy IDs for each tunnel, but its not
supported.
is there ane idea about this case??
Regards
Mahmoud
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list