[j-nsp] VPN from SRX to CIsco with more than subnet locally

Robert Hass robhass at gmail.com
Wed Jan 16 08:25:20 EST 2013


Hi

I have VPN between Cisco 2900 and SRX 240. VPN is working good, but guys
on Cisco side would like to have also access to my second subnet
10.16.0.0/24

How to handle this on SRX side ? I can have only one possition at
proxy-identity local

My config:

set security ipsec vpn TEST ike proxy-identity local 10.0.0.0/24
set security ipsec vpn TEST ike proxy-identity remote 192.168.0.0/24

Cisco NEW config:

access-list 100 permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 10.16.0.0 0.0.0.255
<-- this added


Rob


More information about the juniper-nsp mailing list