SRX

Hi, I am trying to figure out what this st0 is.. Should I have a new st0 logical interfaces for every VPN connection ? I currently have st0.0 st0.1 and st0.2 interfaces .. should I create a new logical interface for every new VPN or can I use the current ones ? I did not understand why we are creating new logical st0 interfaces ?

Thanks

st0 is stands for Secure Tunnel interface and it used for routing traffic in VPNs.

For every new VPN destination you should use different st0.x

It is a standard,  so do not try to use st1, st2, etc.

Regards

Leon Smirnov

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

what happens when st0.x reaches 256. can we go beyond that number or how to create more st interfaces

Maximum unit number allowed on st0 interface is 16385.

Hi,

It depends on your design.

If you deploy hub-spoke then you can use a single logical st0 at the hub. If you are not doing this type of deployment and using route-based then you will require separate logical units for each point-to-point vpn.

Have a look at the IPSec VPN documentation for clarification and chose the design that meets your requirements.

Hub and spoke with multipoint: here

point to point route based: here

Tim