[j-nsp] Loopback VPN termination High End SRX
Mike Devlin
mikecdevlin at gmail.com
Tue Jan 28 18:23:35 EST 2014
Ya,
The math works out the same on the 3000s as it does on the 5000s. Keep in
mind the 5000 series SPC have dual SPU, so when you see SPU 9, its
referencing SPC in slot 5 pic 0.
On Tue, Jan 28, 2014 at 4:30 PM, Phil Fagan <philfagan at gmail.com> wrote:
> Nice, so I"m looking at hash of IKE local:remote and what logical and
> physical SPU it gets mapped too. Makes sense because your RG0 is only
> control and not data.
>
> On Mon, Jan 27, 2014 at 4:21 AM, Mike Devlin <mikecdevlin at gmail.com>
> wrote:
> > from the shell
> >
> > kmd -T source:destination
> >
> > the order doesnt matter,the hashing is the same if you reverse the IPs.
> Use
> > your phase 1 addresses
> >
> >
> >
> >
> > On Sun, Jan 26, 2014 at 10:13 PM, Phil Fagan <philfagan at gmail.com>
> wrote:
> >>
> >> Looks like the keywords here are anchoring VPN to an SPU. I think this
> >> involves the way RG mappings occur on SPU(s). Anyone with info/links on
> >> that mapping please share.
> >>
> >>
> >> On Wed, Jan 22, 2014 at 3:08 PM, Morgan McLean <wrx230 at gmail.com>
> wrote:
> >>
> >> > Hi all,
> >> >
> >> > Quick question regarding terminating IKE on a lo0 interface on a 3600
> >> > cluster.
> >> >
> >> >
> >> >
> >> >
> http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/concept/security-loopback-interface-ha-for-vpn.html
> >> >
> >> > According to this, it mentions putting lo0 into an RG thats not 0,
> which
> >> > is
> >> > the one tied to RE and master node etc. Does anybody do this? Do you
> >> > just
> >> > assign lo0 to redundancy group say 2, and then it just works? Anything
> >> > else
> >> > we need to do? The VPN packets could come in over node 0 or node
> 1...so
> >> > I'm
> >> > not sure exactly how this helps.
> >> >
> >> > --
> >> > Thanks,
> >> > Morgan
> >> > _______________________________________________
> >> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >> >
> >>
> >>
> >>
> >> --
> >> Phil Fagan
> >> Denver, CO
> >> 970-480-7618
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618
>
More information about the juniper-nsp
mailing list