Junos OS

Hi,

I  ve a site-site VPN between google cloud and our HQ office. Current remote google cloud network IP range is 10.35.0.0/16. Now I want to add a new IP segment like 10.39.0.0/16 to be  aacesible over VPN . Should I create a new VPN configuration or is it possible to add the new IP range to the current configuration ?

For example, in current config :

# set routing-options static route 10.35.0.0/16 next-hop st0.3

Does it work if I add a new command like : ( it should not override 10.35.0.0 , i want to append)

# set routing-options static route 10.38.0.0/16 next-hop st0.3

Hello,

Have you configured a traffic-selector under 'edit security ipsec vpn <name>' hierarchy for the existing subnet?

If yes, you will just go ahead and create a new traffic-selector there that now calls the new subnet behind

google cloud as remote subnet & your subnet as local subnet. For latest Junos, when VPN comes up, it should automatically install route through st0.3 for remote subnet.

If you do not have any traffic-selector or proxy-id under 'edit security ipsec vpn <name>' & using route-based VPN, then I guess peer also supports 0.0.0.0 proxy-id and hence only thing you need to add is route to remote subnet pointing to st0.3 interface.

Regards,

Rushi

If you followed these GCP instructions and made a route based vpn on GCP and on the Junos side you only need to two things.

1-add the route as you note above

2-expand your security policies associated with the zone assigned to st0.3 interface for the new subnet.

https://cloud.google.com/vpn/docs/how-to/creating-route-based-vpns

I appreciate.. thank you