[j-nsp] srx240 VPN Question
Aaron Dewell
aaron.dewell at gmail.com
Wed May 1 14:52:23 EDT 2013
I use this for backup connectivity on dynamic endpoints and they are quite happy. One end must be fixed (which I assume is yours).
Their configuration:
set security ike gateway gateway-name local-identity inet their-vpn-ip-address
set security ike gateway gateway-name remote-identity inet your-vpn-ip-address
Yours:
set security ike gateway gateway-name local-identity inet your-vpn-ip-address
set security ike gateway gateway-name dynamic inet their-vpn-ip-address
delete security ike gateway gateway-name address
I believe this requires 11.3+ but I'm not exactly sure. The remote-identity command is not there in earlier versions.
Aaron
On May 11, 2011, at 8:53 AM, Pappas, AJ wrote:
> I have a srx240. I have someone who has a vpn with us who wants to change from a static IP address on an ipsec tunnel to a FQDN. Is there any documentation on how to do this or if it is possible? He is able to provide the two ip’s to me that it will be coming from. This is for a failover from them. Two separate providers / ip’s.
>
> AJ Pappas | Network Administrator
>
> Ottawa Regional Hospital & Healthcare Center
> <image001.jpg>
>
>
> www.ottawaregional.org | apappas at ottawaregional.org
> phone: 815.431.5180 | mobile line: 815.993.8522
> 1100 East Norris Drive, Ottawa, IL 61350 USA
>
> P Please consider the environment before printing this e-mail.
>
>
> Confidentiality Notice: This e-mail may contain confidential information. The information is intended only for the use of the recipient named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information, except its direct delivery to the intended recipient named above, is strictly prohibited. If you have received this e-mail in error, please notify the sender of this and also delete the e-mail from all systems this message is stored on.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list