[j-nsp] Loopback VPN termination High End SRX
Morgan McLean
wrx230 at gmail.com
Sun Jan 26 22:32:07 EST 2014
Worst case I'll be testing for it this week.
On Sunday, January 26, 2014, Phil Fagan <philfagan at gmail.com> wrote:
> Looks like the keywords here are anchoring VPN to an SPU. I think this
> involves the way RG mappings occur on SPU(s). Anyone with info/links on
> that mapping please share.
>
>
> On Wed, Jan 22, 2014 at 3:08 PM, Morgan McLean <wrx230 at gmail.com<javascript:_e({}, 'cvml', 'wrx230 at gmail.com');>
> > wrote:
>
>> Hi all,
>>
>> Quick question regarding terminating IKE on a lo0 interface on a 3600
>> cluster.
>>
>>
>> http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/security-loopback-interface-ha-for-vpn.html
>>
>> According to this, it mentions putting lo0 into an RG thats not 0, which
>> is
>> the one tied to RE and master node etc. Does anybody do this? Do you just
>> assign lo0 to redundancy group say 2, and then it just works? Anything
>> else
>> we need to do? The VPN packets could come in over node 0 or node 1...so
>> I'm
>> not sure exactly how this helps.
>>
>> --
>> Thanks,
>> Morgan
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net <javascript:_e({},
>> 'cvml', 'juniper-nsp at puck.nether.net');>
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618
>
--
Thanks,
Morgan
More information about the juniper-nsp
mailing list