[j-nsp] Can I have multiple route-based VPN over multiple st0 interfaces
Hugo Slabbert
hugo at slabnet.com
Thu Nov 2 22:21:06 EDT 2017
On Fri 2017-Nov-03 00:57:47 +0000, M Abdeljawad via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:
>Hi
>I want to create three VPN tunnels with third party peers, I want to use
>route-based VPN with traffic selector as each tunnel has multiple
>destinations.So can I use multiple st0 interfaces "one for each tunnel"?
Yes; the routed IPSEC tunnels are bound to subinterfaces to st0, so e.g.
st0.1 (unit 1), st0.2, st0.3, and so forth. Set that interface or the IP
on the other end as your next-hop for whatever traffic you want to push
through that particular tunnel (or run a routing protocol across it if
that's preferred) and go to town.
>(As I have only one VPN tunnel up out of the three tunnels).
I don't understand this part. I don't see anything that would prevent you
from having all of the tunnels up simultaneously unless you want to
intentionally shut them for some reason.
--
Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E | also on Signal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20171102/c0224f43/attachment.sig>
More information about the juniper-nsp
mailing list