[j-nsp] SRX Active/Passive cluster with redundant route based IPSec - connectivity to AWS VPC

Andy Litzinger andy.litzinger.lists at gmail.com
Mon May 5 18:38:38 EDT 2014


Hi Morgan,

I presume that with regards to the loopback you are referring to the
external interface I use as my IPSec peer toward Amazon?

What about the internal logical st interface that I need to create in order
to route my internal traffic into the tunnel?  How do I make that redundant?

Thanks!
 -andy


On Mon, May 5, 2014 at 3:30 PM, Morgan McLean <wrx230 at gmail.com> wrote:

> Use your loopback and put that in a reth.
>
> Thanks,
> Morgan
>
>
> On Mon, May 5, 2014 at 3:23 PM, Andy Litzinger <
> andy.litzinger.lists at gmail.com> wrote:
>
>> Hi All,
>>   Two related questions.  I have a pair of SRX 3400s in an Active/Passive
>> cluster.  They rely on an external gateway for internet access (i.e. my
>> ISPs don't terminate on the SRXs).  I am setting up redundant tunnels to an
>> AWS VPC.  Amazon has an example for J-Series
>> (http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html),
>> but I don't think it's for a cluster set-up.
>>
>> Here are my questions:
>>
>> 1 - If I want to set up a redundant secure tunnel interface (e.g. st0),
>> should I bind it to an reth interface?
>>
>> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS VPC?  Any
>> tips or tricks you care to share?
>>
>> regards,
>>  -andy
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>

