[j-nsp] SRX Active/Passive cluster with redundant route based IPSec - connectivity to AWS VPC

Aaron Dewell aaron.dewell at gmail.com
Mon May 5 18:32:33 EDT 2014


I have terminated IPSec tunnels on reth interfaces entirely successfully.  I would think that would work fine in your setup as well.  It wasn't Amazon, but it was to other remote SRXs.  The ISP in question did terminate on both cluster members (two drops).

That was on a branch SRX.  On the 3400 YMMV but I don't see why it wouldn't work.  

On May 5, 2014, at 5:23 PM, Andy Litzinger wrote:
> Hi All,
>  Two related questions.  I have a pair of SRX 3400s in an Active/Passive
> cluster.  They rely on an external gateway for internet access (i.e. my
> ISPs don't terminate on the SRXs).  I am setting up redundant tunnels to an
> AWS VPC.  Amazon has an example for J-Series (
> http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html),
> but I don't think it's for a cluster set-up.
> 
> Here are my questions:
> 
> 1 - If I want to set up a redundant secure tunnel interface (e.g. st0),
> should I bind it to an reth interface?
> 
> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS VPC?  Any
> tips or tricks you care to share?
> 
> regards,
> -andy