[j-nsp] ICMP from SRX accross policy vpn tunnel
Craig Askings
caskings at ionetworks.com.au
Thu May 9 07:39:21 EDT 2019
Alternative solution. Keep doing route based tunnels, but use traffic
selectors. I use it to have the remote end doing policy based ipsec (old
cisco cpe as an example) while keeping the SRX as a route (st interface)
based ipsec implementation.
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-traffic-selectors-in-route-based-vpns.html
On Thu, 9 May 2019 at 06:19, Lenny Shovsky <sho at wirewalk.com> wrote:
> Wondering how to get ping to work directly from SRX across ipsec policy
> tunnels.
>
> Have no issues dong it with route based tunnels, simply using lo0 with
> tunneled subnet address and default-address-selection option, but can't
> make it work with policy tunnels.
>
> Long term goal is to get vpn-monitor option to work.
>
> Thanks in advance for all your feedback !
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Regards,
Craig Askings
io Networks
ion consulting Pty Ltd.
mobile: 0404 019365
phone: 1300 1 2 4 8 16
No Holidays scheduled
More information about the juniper-nsp
mailing list