[j-nsp] Policy-based IPSec tunnel and static routing
Per Westerlund
p1 at westerlund.se
Thu Nov 21 10:28:22 EST 2013
Sorry, no automatic route-injection with SRX and policy-based IPsec VPN. The traffic has to be made to "hit" the security policy rules that allow the tunnel traffic, and that is normally done manually.
/Per
On 21 Nov 2013, at 16:17, Michael Hallgren <m.hallgren at free.fr> wrote:
> Hi,
>
> I ran into the following:
>
> In a pretty much standard setup of a policy-based IPSec VPN between an
> SRX and a Cisco ASA, pinging a destination behind the SRX worked just
> fine from behind the ASA, the other way around didn't. Had a few static
> routes set, among them a 0/0 pointing in the direction of the ASA, and a
> 10/8 pointing at SRX customers. The host behind the ASA that I couldn't
> ping was in 10/24, say. Adding a static route 10/24 pointing at the ASA (not
> at the tunnel endpoint) fixed the flow from SRX to ASA.
>
> Was under the impression that policy-based setup is supposed to handle
> static route injection "auto-magically." What am I missing?
>
> Cheers,
>
> mh
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
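The behaviour discussed in this thread, as an added example that is not part of either post: a small Python model of route lookup choosing the egress zone before the security policies are searched, so the tunnel policy is only reached once the more specific route exists. Zone names, next-hop labels, the 10.1.0.0/16 local subnet and the reading of "10/24" as 10.0.0.0/24 are assumptions.

```python
import ipaddress

# Constructed tables modelled on the thread. Zone names, next-hop labels and
# the 10.1.0.0/16 local subnet are assumptions, not values from the posts.
ROUTES_BEFORE = [
    ("0.0.0.0/0", "asa", "untrust"),
    ("10.0.0.0/8", "customers", "trust"),
]
# The fix from the thread: a more specific static route toward the ASA.
ROUTES_AFTER = ROUTES_BEFORE + [("10.0.0.0/24", "asa", "untrust")]

# (from_zone, to_zone, source, destination, action)
POLICIES = [
    ("trust", "untrust", "10.1.0.0/16", "10.0.0.0/24", "permit tunnel"),
]


def lookup_route(routes, dst):
    """Longest-prefix match: return (next_hop, egress_zone) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh, zone) for p, nh, zone in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, nh, zone = max(matches, key=lambda m: m[0].prefixlen)
    return nh, zone


def evaluate(routes, src, dst, from_zone="trust"):
    """Route lookup picks the to-zone first; only then are policies searched."""
    route = lookup_route(routes, dst)
    if route is None:
        return None, None
    _, to_zone = route
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p_from, p_to, p_src, p_dst, action in POLICIES:
        if ((p_from, p_to) == (from_zone, to_zone)
                and s in ipaddress.ip_network(p_src)
                and d in ipaddress.ip_network(p_dst)):
            return to_zone, action
    return to_zone, None  # tunnel policy never consulted for this zone pair


if __name__ == "__main__":
    for name, table in (("before", ROUTES_BEFORE), ("after", ROUTES_AFTER)):
        print(name, evaluate(table, "10.1.2.3", "10.0.0.5"))
```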