[j-nsp] SRX - multipoint st0 tunnel interface and static route

pkc_mls pkc_mls at yahoo.fr
Thu Sep 13 16:48:32 EDT 2012


Hi all,

I'm running junos 11.4r5 on an SRX210 device.

I configured a multipoint tunnel interface to bind two IPSEC tunnels to 
the same gateway (as multiple proxy IDs are
not supported yet). The remote gateway is an old sonicwall, and is not 
capable of route based VPNs.

I tried to setup a static route to the remote network, but the route 
doesn't show up.

I found some threads on juniper forums indicating I was not the nly one 
to experience this.

Did anyone find a solution to add a static route via a multipoint tunnel 
interface ?

Is this working on 12.1 ? (I'd like to keep the 11.4, but if 12.1 could 
help ...).


my interface configuration :
root at SRX240# show interfaces st0 unit 0
multipoint;
family inet;

my vpn configurations :
root at SRX240# show security ipsec vpn vpn1
bind-interface st0.0;
ike {
     gateway gw1
     proxy-identity {
         local 10.1.1.0/24;
         remote 192.168.1.0/28;
     }
     ipsec-policy policy1;
}

root at SRX240# show security ipsec vpn vpn2
bind-interface st0.0;
ike {
     gateway gw1
     proxy-identity {
         local 10.1.2.0/24;
         remote 192.168.1.0/28;
     }
     ipsec-policy policy1;
}

does anyone know how to configure multiple proxy id or have a static 
route with a multipoint tunnel interface ?

thanks.


More information about the juniper-nsp mailing list