I've a site-to-site VPN between Google Cloud and our HQ office. The current remote Google Cloud network IP range is 10.35.0.0/16. Now I want to add a new IP segment, like 10.39.0.0/16, to be accessible over the VPN. Should I create a new VPN configuration, or is it possible to add the new IP range to the current configuration?
For example, in the current config:
# set routing-options static route 10.35.0.0/16 next-hop st0.3
Does it work if I add a new command like this? (It should not override 10.35.0.0; I want to append.)
# set routing-options static route 10.38.0.0/16 next-hop st0.3
Have you configured a traffic-selector under the 'edit security ipsec vpn <name>' hierarchy for the existing subnet?
If yes, you will just go ahead and create a new traffic-selector there that uses the new subnet behind Google Cloud as the remote subnet and your subnet as the local subnet. For the latest Junos, when the VPN comes up, it should automatically install a route through st0.3 for the remote subnet.
If you do not have any traffic-selector or proxy-id under 'edit security ipsec vpn <name>' and are using a route-based VPN, then I guess the peer also supports a 0.0.0.0 proxy-id, and hence the only thing you need to add is a route to the remote subnet pointing to the st0.3 interface.
If you followed these GCP instructions and made a route-based VPN on GCP, then on the Junos side you only need to do two things:
1. Add the route as you note above.
2. Expand your security policies associated with the zone assigned to the st0.3 interface for the new subnet.
I appreciate it. Thank you.
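The two steps from the last answer, plus the traffic-selector variant from the first answer, written out as Junos set commands. This is an added example, not configuration posted by anyone in the thread. The VPN name gcp-vpn, the zone names trust and vpn, the address and policy names, and the HQ subnet 192.168.10.0/24 are assumptions; 10.39.0.0/16 is the new segment named in the question.

```junos
# Assumed names, not from the thread: VPN "gcp-vpn", zone "trust" (HQ LAN),
# zone "vpn" (holds st0.3), HQ subnet 192.168.10.0/24 (constructed value).
# Assumes the device uses the global address book rather than per-zone books.

# Step 1: add a second static route. Each "static route <prefix>" is its own
# entry, so the existing 10.35.0.0/16 route is left untouched.
set routing-options static route 10.39.0.0/16 next-hop st0.3

# Step 2: name the subnets, then extend the policies for the st0.3 zone.
# Scope the match to the new prefix instead of widening to "any".
set security address-book global address hq-lan 192.168.10.0/24
set security address-book global address gcp-net-10-39 10.39.0.0/16

set security policies from-zone trust to-zone vpn policy hq-to-gcp-10-39 match source-address hq-lan
set security policies from-zone trust to-zone vpn policy hq-to-gcp-10-39 match destination-address gcp-net-10-39
set security policies from-zone trust to-zone vpn policy hq-to-gcp-10-39 match application any
set security policies from-zone trust to-zone vpn policy hq-to-gcp-10-39 then permit

set security policies from-zone vpn to-zone trust policy gcp-10-39-to-hq match source-address gcp-net-10-39
set security policies from-zone vpn to-zone trust policy gcp-10-39-to-hq match destination-address hq-lan
set security policies from-zone vpn to-zone trust policy gcp-10-39-to-hq match application any
set security policies from-zone vpn to-zone trust policy gcp-10-39-to-hq then permit

# Variant: only if the VPN already has traffic-selectors configured.
# In that case add a selector for the new pair instead of the static route
# in step 1; the first answer notes the route via st0.3 is installed
# automatically when the VPN comes up.
set security ipsec vpn gcp-vpn traffic-selector ts-gcp-10-39 local-ip 192.168.10.0/24 remote-ip 10.39.0.0/16

# Review before committing (configuration mode):
#   show | compare
#   commit check
# Verify after commit (operational mode):
#   show route 10.39.0.0/16
#   show security ipsec security-associations
#   show security policies from-zone trust to-zone vpn
```

The new range also has to be advertised or routed on the Google Cloud side, otherwise the tunnel carries traffic in one direction only.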