[j-nsp] Loopback VPN termination High End SRX

Phil Fagan philfagan at gmail.com
Sun Jan 26 22:13:48 EST 2014


Looks like the keywords here are anchoring VPN to an SPU. I think this
involves the way RG mappings occur on SPU(s). Anyone with info/links on
that mapping please share.


On Wed, Jan 22, 2014 at 3:08 PM, Morgan McLean <wrx230 at gmail.com> wrote:

> Hi all,
>
> Quick question regarding terminating IKE on a lo0 interface on a 3600
> cluster.
>
>
> http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/security-loopback-interface-ha-for-vpn.html
>
> According to this, it mentions putting lo0 into an RG thats not 0, which is
> the one tied to RE and master node etc. Does anybody do this? Do you just
> assign lo0 to redundancy group say 2, and then it just works? Anything else
> we need to do? The VPN packets could come in over node 0 or node 1...so I'm
> not sure exactly how this helps.
>
> --
> Thanks,
> Morgan
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Phil Fagan
Denver, CO
970-480-7618


More information about the juniper-nsp mailing list