[j-nsp] ICMP from SRX accross policy vpn tunnel

Craig Askings caskings at ionetworks.com.au
Thu May 9 07:39:21 EDT 2019


Alternative solution. Keep doing route based tunnels, but use traffic
selectors. I use it to have the remote end doing policy based ipsec (old
cisco cpe as an example) while keeping the SRX as a route (st interface)
based ipsec implementation.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-traffic-selectors-in-route-based-vpns.html

On Thu, 9 May 2019 at 06:19, Lenny Shovsky <sho at wirewalk.com> wrote:

> Wondering how to get ping to work directly from SRX across ipsec policy
> tunnels.
>
> Have no issues dong it with route based tunnels, simply using lo0 with
> tunneled subnet address and default-address-selection option, but can't
> make it work with policy tunnels.
>
> Long term goal is to get vpn-monitor option to work.
>
> Thanks in advance for all your feedback !
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


-- 

Regards,

Craig Askings

io Networks

ion consulting Pty Ltd.



mobile: 0404 019365

phone: 1300 1 2 4 8 16


No Holidays scheduled


More information about the juniper-nsp mailing list