[j-nsp] VPN from SRX to CIsco with more than subnet locally
Robert Hass
robhass at gmail.com
Thu Jan 17 12:45:20 EST 2013
On Wednesday, January 16, 2013, Pavel Lunin wrote:
>
>
> Despite this is pretty obvious and elegant, it's a very common case when
> you can't do this for whatever reason. E. g. older IOS could not do VTI
> without GRE but SRX cluster could not do GRE until very recent; remote
> peer is just too dumb, etc. Sometimes remote side just won't switch to
> route-based because they don't know how to or it's a NOC shift with
> strict config guidelines that they can break. A very straightforward
> workarond for such cases is to add another tunnel to the same peer for
> the second pair of subnets. But it requires another global address on
> one side.
or vpn remote side is ASA which not support GRE and VTI
Rob
More information about the juniper-nsp
mailing list