[j-nsp] SRX VPN in Virtual Router

ML ml at kenweb.org
Mon Mar 30 10:36:50 EDT 2015


I've been able to configure an IPsec VPN to connect from within a 
virtual router without issue.  (external-interface is it's own routing 
instance and security zone) The st0.X interface associated to the VPN is 
in inet.0 however and OSPF works across it. Effectively I can have a 
primary and backup site to site VPN from a remote POP over different WAN 
links.

This has worked on 11.4R7.5 and 12.1X44.


On 3/30/2015 10:03 AM, M Abdeljawad via juniper-nsp wrote:
> Hi All
> I have a question about SRX VPN support under virtual router;There are two WAN links and each link member in different Virtual Router (not inet0), and the VPN tunnels must be established from both virtual routers
>
>   
>
> Per to my search I found two conflict results as below;
>
>   
>
> Below KB link mention that its supported, and the st0interface and the IKE listener interface can be assigned to the custom virtualrouter.
>
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB21487
>
>   
>
>   
>
> And below document link mention that the IKE listener mustbe member of inet.0 for the VPN to work.
>
> http://www.juniper.net/documentation/en_US/junos11.4/topics/concept/virtual-router-support-for-route-based-vpns.html
>
>   
>
>   
>
> What if I used Lo0 interface and assigned it to inet.0 andused it as the external VPN interface, is this valid solution?
>
>
> RegardsMahmoud
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list