[j-nsp] IPSec vs SRX packet flow
Network Geek
network.nerdd at gmail.com
Mon Jul 10 21:58:15 EDT 2017
Hi,
My users are sitting in 10.100.0.0/16 which need need to access
applications at the other side of an SRX via route-based IPSec configured
on SRX with source proxy-ID 172.30.30.0/24.
So I need to NAT all 10.100.0.0/16 to 172.30.30.0/24.
I can not find reference confirming if source NAT (and security policy)
will be processed before the IPSec. Can anyone shed some light on this?
If IPSec comes first, and any advise on how to get my users initiate the
IPSec without involving another device?
Thanks
More information about the juniper-nsp
mailing list