
Logical interface and Site-to-Site VPN

  • 1.  Logical interface and Site-to-Site VPN

    Posted 05-23-2018 07:48



    I am trying to configure a VPN from Azure to the SRX. I have an aggregated interface labelled as ae2 that is utilised as the gateway interface. This interface has 2 x IP addresses assigned to it. The VPN interface address is advertised out via eBGP and can be pinged from our offices. The other interface is not available as it is an internal network address.


    When I run the following command on the ae2 interface on the SRX, I see the Azure IP attempting to build Phase 1, but I see no response back and also no IKE security-association built:


    run monitor traffic interface ae2 no-resolve size 1500 (matching "net <ipaddress>")


    I have also configured a static route to the exit interface for the Azure gateway address.


    I am guessing, from my troubleshooting tests, that it is using the other IP address for the return even though a static route is configured.


    So, my question is: can a site-to-site VPN be configured on an aggregated interface?


    It's not really urgent as I have cabled up a separate port for this if required.


  • 2.  RE: Logical interface and Site-to-Site VPN
    Best Answer

    Posted 05-23-2018 08:57

    Phase 1 and Phase 2 successful on separate interface.


    IKE Security-Associations working.

    All working fine.