[j-nsp] Srx 240 ipsec site to site
Klaus Groeger
klauzi at gmail.com
Mon May 13 02:30:22 EDT 2013
Hi
you may not resolve the issue with auto vpn, because the main problem is:
both sites are assigned the IPs dynamically - via dhcp or whatever. If both sites do not know the peer's IP address, they cannot establish a tunnel.
In ScreenOS, one has the option to use hostname instead of an IP address, the system makes a name lookup and connects to the resolved address. This isn't possible with SRX, because the hostname is resolved during configuration and the IP address will be naild down in the config.
Even if you use aggressive mode, one site has to be a fixed IP address!
Regards
Klaus
—
Sent from Mailbox for iPhone
On So., Mai 12, 2013 at 20:58, Misha Gzirishvili <misha.gzirishvili at gmail.com="mailto:misha.gzirishvili at gmail.com">> wrote:
Hi Aji,
Take a look at AutoVPN.
Some links about it:
More information about the juniper-nsp
mailing list