[j-nsp] Policy-based IPSec tunnel and static routing
Michael Hallgren
m.hallgren at free.fr
Thu Nov 21 10:17:46 EST 2013
Hi,
I ran into the following:
In a pretty much standard setup of a policy-based IPSec VPN between a
SRX and a cisco ASA, pinging destination behind the SRX worked just
fine from behind the ASA, the other way around didn't. Had few static
routes set, among them a 0/0 pointing in the direction of the ASA, and a
10/8 pointing at SRX customers. The host behind the ASA, that I couldn't
ping was in 10/24, say. Adding a static route 10/24 pointing at the ASA (not
at the tunnel endpoint), fixed the flow from SRX to ASA.
Was under the impression that policy-based setup is supposed to handle
static route injection "auto-magically." What am I missing?
Cheers,
mh
More information about the juniper-nsp
mailing list