Sorry, I'm a bit confused here. I thought if you set up a VPN, bind the tunnel to the st0 interface, and route the traffic to the st0 interface, all traffic will be encrypted going to st0, correct?
If the st0 is not bound to a VPN config, traffic sent to st0 will not be encrypted, correct?
So as long as the st0 interface is bound to the VPN, even if the proxy-id for local and remote is set to 0.0.0.0 for the VPN config instead of TS, traffic will still be encrypted going to the st0 interface. That's my understanding. Correct me if I'm wrong.
Thanks
Original Message:
Sent: 06-20-2017 19:33
From: Unknown User
Subject: SRX-Difference Between static route and traffic-selector.
Hello,
Route and proxy-ids are two different things. Perhaps a dummy example would be good here.
Let us say you have local subnets of 10.10.10.0/24 & 10.10.20.0/24 & a remote subnet of 192.168.1.0/24. And you have traffic-selectors configured as local - 10.10.10.0/24, remote - 192.168.1.0/24 as well as local - 10.10.20.0/24 & remote - 192.168.1.0/24.
* A route to 192.168.1.0/24 with next-hop st0.0 will ensure that any packet with any source going to destination 192.168.1.0 will be sent to st0.0
* But traffic selectors configured above will ensure that only traffic from either 10.10.10.0/24 or 10.10.20.0/24 and going to 192.168.1.0/24 will be allowed to get encrypted.
Regards,
Rushi
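The two-stage decision described in the reply above, as an added Python model that is not part of either post and not Junos code: the route lookup sees only the destination, while the traffic selector checks the source/destination pair. The function names, the default route, the sample packets and the reading of proxy-id 0.0.0.0 as 0.0.0.0/0 are assumptions made for illustration.

```python
import ipaddress

# Subnets taken from the example in the thread. Everything else (names, the
# default route, sample packets) is constructed for this simplified model.
ROUTES = [("192.168.1.0/24", "st0.0"), ("0.0.0.0/0", "ge-0/0/0.0")]
TRAFFIC_SELECTORS = [
    ("10.10.10.0/24", "192.168.1.0/24"),
    ("10.10.20.0/24", "192.168.1.0/24"),
]
# Assumption: proxy-id 0.0.0.0 from the follow-up question modelled as any/any.
WILDCARD = [("0.0.0.0/0", "0.0.0.0/0")]


def route_lookup(dst):
    """Longest-prefix match on the destination only; the source is ignored."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def selector_match(src, dst, selectors):
    """True only if source AND destination fall inside one selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in selectors
    )


def classify(src, dst, selectors=TRAFFIC_SELECTORS):
    """Stage 1: routing picks the interface. Stage 2: the selector decides."""
    if route_lookup(dst) != "st0.0":
        return "not routed to tunnel"
    if selector_match(src, dst, selectors):
        return "encrypted"
    return "routed to st0.0, not encrypted"


if __name__ == "__main__":
    # Constructed sample packets: (source, destination)
    for src, dst in [("10.10.10.5", "192.168.1.10"),
                     ("10.10.30.5", "192.168.1.10"),
                     ("10.10.10.5", "203.0.113.9")]:
        print(src, "->", dst, ":", classify(src, dst))
```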