[j-nsp] SRX Active/Passive cluster with redundant route based IPSec - connectivity to AWS VPC
Andy Litzinger
andy.litzinger.lists at gmail.com
Mon May 5 18:38:38 EDT 2014
Hi Morgan,
I presume that with regards to the loopback you are referring to the
external interface I use as my IPSec peer toward Amazon?
What about the internal logical st interface that I need to create in order
to route my internal traffic into the tunnel? How do I make that redundant?
Thanks!
-andy
On Mon, May 5, 2014 at 3:30 PM, Morgan McLean <wrx230 at gmail.com> wrote:
> Use your loopback and put that in a reth.
>
> Thanks,
> Morgan
>
>
> On Mon, May 5, 2014 at 3:23 PM, Andy Litzinger <andy.litzinger.lists at gmail.com> wrote:
>
>> Hi All,
>> Two related questions. I have a pair of SRX 3400s in an Active/Passive
>> cluster. They rely on an external gateway for internet access (i.e. my
>> ISPs don't terminate on the SRXs). I am setting up redundant tunnels to
>> an AWS VPC. Amazon has an example for J-Series
>> (http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html),
>> but I don't think it's for a cluster set-up.
>>
>> Here are my questions:
>>
>> 1 - If I want to set up a redundant secure tunnel interface (e.g. st0),
>> should I bind it to a reth interface?
>>
>> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS VPC? Any
>> tips or tricks you care to share?
>>
>> regards,
>> -andy
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>