[j-nsp] Loopback VPN termination High End SRX

Mike Devlin mikecdevlin at gmail.com
Mon Jan 27 06:21:53 EST 2014


from the shell

kmd -T source:destination

the order doesnt matter,the hashing is the same if you reverse the IPs.
 Use your phase 1 addresses




On Sun, Jan 26, 2014 at 10:13 PM, Phil Fagan <philfagan at gmail.com> wrote:

> Looks like the keywords here are anchoring VPN to an SPU. I think this
> involves the way RG mappings occur on SPU(s). Anyone with info/links on
> that mapping please share.
>
>
> On Wed, Jan 22, 2014 at 3:08 PM, Morgan McLean <wrx230 at gmail.com> wrote:
>
> > Hi all,
> >
> > Quick question regarding terminating IKE on a lo0 interface on a 3600
> > cluster.
> >
> >
> >
> http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/security-loopback-interface-ha-for-vpn.html
> >
> > According to this, it mentions putting lo0 into an RG thats not 0, which
> is
> > the one tied to RE and master node etc. Does anybody do this? Do you just
> > assign lo0 to redundancy group say 2, and then it just works? Anything
> else
> > we need to do? The VPN packets could come in over node 0 or node 1...so
> I'm
> > not sure exactly how this helps.
> >
> > --
> > Thanks,
> > Morgan
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list