[j-nsp] 答复: SRX IPSEC Full Mesh
徐见
xujianlx at gmail.com
Wed Nov 6 01:59:31 EST 2013
HI, I see your question. For full mesh ipsec vpn, it's require a netmask /30
address to your tunnel interface, no more parmater!
regards
Jack Xu
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
-----邮件原件-----
发件人: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] 代表
Mohammad Khalil
发送时间: 2013年10月29日 22:29
收件人: juniper-nsp at puck.nether.net
主题: [j-nsp] SRX IPSEC Full Mesh
Hi all
I have three SRX firewall , one of them is acting as a hub and the other two
are spokes I have established two IPSEC VPNs between each spoke and the hub
and all is functioning well Now , I had a requirement to establish a direct
IPSEC VPN between the spokes , when I do so , I lose all VPN connections on
one of the spokes and the tunnel never comes up ?
I suspected that there is something wrong in the traffic pattern due to
learn the prefix from two places or something , what should be done to avoid
this and bring the two tunnels toward the hub and the spoke up and
functioning ?
BR,
Mohammad
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list