SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  IPSEC tunnel St0 creation on SRX

    Posted 08-16-2017 06:45

    Hi everybody,

    Let say we want to establish Route based IPSEC tunnel (site to site) between two SRX, we configured our IKE phase1, Phase2 policies, and bind it to tunnel st0.1 using:

    Set security ipsec vpn IPSEC-VPN bind-interface st0.1

     

    My question is how do we create this tunnel interface? Is it created because of the above command?

    Thanks,



  • 2.  RE: IPSEC tunnel St0 creation on SRX

    Posted 08-16-2017 07:02
    set interfaces st0.1 family inet address <IP-ADDRESS>

    or

    set interfaces st0.1 family inet

    And added it to security zone.

    set security zones security-zone VPN interfaces st0.1

    P.S: ip-address is not mandatory. But recommended to have one so it can be used to test connectivity and also for dynamic routing protocols.

    I would recommend you to take a look at the following article which explains configuration in a good manner.

    http://www.juniper.net/documentation/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html</IP-ADDRESS>


  • 3.  RE: IPSEC tunnel St0 creation on SRX
    Best Answer

    Posted 08-16-2017 07:02
    set interfaces st0.1 family inet address <IP-ADDRESS>

    or

    set interfaces st0.1 family inet

    And added it to security zone.

    set security zones security-zone VPN interfaces st0.1

    P.S: ip-address is not mandatory. But recommended to have one so it can be used to test connectivity and also for dynamic routing protocols.

    I would recommend you to take a look at the following article which explains configuration in a good manner.

    http://www.juniper.net/documentation/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html</IP-ADDRESS>