[j-nsp] SRX Active/Passive cluster with redundant route based IPSec - connectivity to AWS VPC
Andrew Jones
aj at jonesy.com.au
Mon May 5 20:37:08 EDT 2014
You don't need to do anything special to make the st0 interface
redundant, it will always run on the active node.
On 06.05.2014 08:38, Andy Litzinger wrote:
> Hi Morgan,
>
> I presume that with regards to the loopback you are referring to the
> external interface I use as my IPSec peer toward Amazon?
>
> what about the internal logical st interface that I need to create in
> order
> to route my internal traffic into the tunnel? How do I make that
> redundant?
>
> thanks!
> -andy
>
>
> On Mon, May 5, 2014 at 3:30 PM, Morgan McLean <wrx230 at gmail.com>
> wrote:
>
>> Use your loopback and put that in a reth.
>>
>> Thanks,
>> Morgan
>>
>>
>> On Mon, May 5, 2014 at 3:23 PM, Andy Litzinger <
>> andy.litzinger.lists at gmail.com> wrote:
>>
>>> Hi All,
>>> Two related questions. I have a pair of SRX 3400s in an
>>> Active/Passive
>>> cluster. They rely on an external gateway for internet access
>>> (i.e. my
>>> ISPs don't terminate on the SRXs). I am setting up redundant
>>> tunnels to
>>> an
>>> AWS VPC. Amazon has an example for J-Series (
>>>
>>> http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html
>>> ),
>>> but I don't think it's for a cluster set-up.
>>>
>>> Here are my questions:
>>>
>>> 1 - If I want to set up a redundant secure tunnel interface (e.g.
>>> st0),
>>> should i bind it to an reth interface?
>>>
>>> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS
>>> VPC? Any
>>> tips or tricks you care to share?
>>>
>>> regards,
>>> -andy
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list