[j-nsp] srx240 VPN Question

Tim Eberhard xmin0s at gmail.com
Wed May 1 14:41:50 EDT 2013


There are two methods possible ways of doing this (to me).

1) Stand up two VPN tunnels and just have one down at all times. You would
use your existing configuration (assuming it's main mode) and just change
the source IP where you expect the VPN initiator to come from.

2) Change your existing main mode vpn into an aggressive mode VPN. This way
you can local identity authenticate based upon FQDN and the IP check of
the initiator doesn't take place.

This might help:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-40777.html




On Wed, May 11, 2011 at 7:53 AM, Pappas, AJ <apappas at ottawaregional.org>wrote:

> I have a srx240.  I have someone who has a vpn with us who wants to change
> from a static IP address on an ipsec tunnel to a FQDN.  Is there any
> documentation on how to do this or if it is possible?  He is able to
> provide the two ip’s to me that it will be coming from.  This is for a
> failover from them.  Two separate providers / ip’s.****
>
> ** **
>
> *AJ Pappas *  |   Network Administrator **
>
> *Ottawa Regional Hospital & Healthcare Center*
> [image: Description: Description: Description: logo]**
>
>
> www.ottawaregional.org  |  apappas at ottawaregional.org
> *phone:* 815.431.5180 | *mobile line: *815.993.8522
> 1100 East Norris Drive, Ottawa, IL 61350 USA****
>
> ** **
>
> *P*  Please consider the environment before printing this e-mail. ****
>
> ** **
>
> ** **
>
> Confidentiality Notice: This e-mail may contain confidential information.
> The information is intended only for the use of the recipient named above.
> If you are not the intended recipient, you are hereby notified that any
> disclosure, copying, distribution, or the taking of any action in reliance
> on the contents of this information, except its direct delivery to the
> intended recipient named above, is strictly prohibited.  If you have
> received this e-mail in error, please notify the sender of this and also
> delete the e-mail from all systems this message is stored on.****
>
> ** **
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/56ddd8e9/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3304 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/56ddd8e9/attachment-0001.jpg>


More information about the juniper-nsp mailing list