[j-nsp] SRX - multipoint st0 tunnel interface and static route

Mark Menzies mark at deimark.net
Fri Sep 14 05:51:28 EDT 2012


On 14 September 2012 10:10, pkc_mls <pkc_mls at yahoo.fr> wrote:

> On 14/09/2012 10:10, Mark Menzies wrote:
>
>> Have you set up NHTB?  As the other side is non-Junos, you will need to
>> set this up manually.  NHTB allows the SRX to decide which VPN to send the
>> remote traffic down. I will need to check but I am fairly sure that we will
>> still need to set up routes for the remote nets to send them to st0.
>
> NHTB has not been set, both tunnels go to the same gateway and same
> network.
> There are two local subnets involved.
>
>
>> I take it the other side is just set up as a normal policy type VPN and
>> as such should be looking for the proxy-IDs you have set?
>
> Sonicwall with this release can only be configured as policy type VPN.
> Proxy IDs are fine and both tunnels come up, but the traffic is dropped
> with a re-route error message.
>

How do you route to the remote nets?  Do you have the 2 routes set up on
the SRX to send it to the st0 interface?  If you do, then we do need NHTB
set up to dictate which VPN the traffic goes down when it arrives at st0.

Alternatively, set up 2 tunnel interfaces, i.e. st0.0 and st0.1, and bind each
VPN to its own tunnel interface.

Also, can you let us know what this reroute error message is?
