Hi, does anyone know if the prefix in the proxy-id matters in a route-based VPN on Juniper SRX? I suppose the local and remote proxy-ids can be random and do not need to match the source and destination subnets, given both sides are matching the same set of proxy-ids?
e.g.,
local enc domain         remote encryption domain
10.0.0.1/24 >----------> 192.168.1.0/24 and 192.168.11.0/24
If I set the following in the VPN config, the partner side sets the same in reverse in their proxy-id setting, and have a static route going to the destinations 192.168.1.0/24 & 192.168.11.0/24 with next-hop st0.1, which binds to the VPN, will VPN traffic still go to both subnets?
set security ipsec vpn IPSEC-PROD-VPN ike proxy-identity local 1.1.1.1
set security ipsec vpn IPSEC-PROD-VPN ike proxy-identity remote 2.2.2.2
Or does the proxy-identity have to match the local and remote encryption domains?
Would using 0.0.0.0/0 as proxy-id instead of 2 TS on both sides also make it work?
------------------------------
Thanks
Calvin
------------------------------