SRX

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Allow IPs through the VPN

    Posted 02-23-2023 00:33
    Edited by Rakesh A 02-23-2023 00:41
    Hi Team,
    We have a requirement for user, following servers IPs  are need to allow through VPN. If you need any details let me know. Please help on this.
    We are using SRX 1500 firewall. We already have  a VPN .Name is TFV-P2-vpn.
    .
    10.231.157.a
    10.231.157.b
    10.231.157.c
    10.231.157.d
    10.231.157.e
    10.231.157.f
    Thanks
    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------



  • 2.  RE: Allow IPs through the VPN

     
    Posted 02-23-2023 07:46

    Hello Rakesh,

    Depends on how you have set your Traffic selector configured. 

    If your traffic selector is set with the IP's or subnet of the mentioned IP's then you would just need to make sure the policies are in place. 

    If not you would have to setup a traffic selector to to allow the traffic to pass through ( and policies should allow them too ) 

    example:

    set security ipsec vpn VPN_NAME traffic-selector TS1 local-ip 10.231.157.0/24 << modify the subnet accordingly. 
    set security ipsec vpn VPN_NAME traffic-selector TS1 remote-ip <>

    Make sure the peer also have same traffic selector configured. 

    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 3.  RE: Allow IPs through the VPN

    Posted 02-24-2023 02:35

    Hi Brijil,

    Thanks for your replay. We are using  one ip for one traffic selector/32 range .am newbie for juniper srx. Could you please more details about this.it is helpful to me.

    Thanks

    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------



  • 4.  RE: Allow IPs through the VPN

     
    Posted 02-25-2023 04:09

    Hello Rakesh,

    The config should like below:

    set security ipsec vpn VPN_NAME traffic-selector TS1 local-ip 10.231.157.a/32
    set security ipsec vpn VPN_NAME traffic-selector TS1 remote-ip x.x.x.x/y
    set security ipsec vpn VPN_NAME traffic-selector TS2 local-ip 10.231.157.b/32
    set security ipsec vpn VPN_NAME traffic-selector TS3 remote-ip x.x.x.x/y
    set security ipsec vpn VPN_NAME traffic-selector TS4 local-ip 10.231.157.c/32
    set security ipsec vpn VPN_NAME traffic-selector TS4 remote-ip x.x.x.x/y
    set security ipsec vpn VPN_NAME traffic-selector TS5 local-ip 10.231.157.d/32
    set security ipsec vpn VPN_NAME traffic-selector TS5 remote-ip x.x.x.x/y
    set security ipsec vpn VPN_NAME traffic-selector TS6 local-ip 10.231.157.e/32
    set security ipsec vpn VPN_NAME traffic-selector TS6 remote-ip x.x.x.x/y
    set security ipsec vpn VPN_NAME traffic-selector TS7 local-ip 10.231.157.f/32
    set security ipsec vpn VPN_NAME traffic-selector TS7 remote-ip x.x.x.x/y
     

    Also, as said earlier, it would need similar / equivalent config on the peer end. 

    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 5.  RE: Allow IPs through the VPN

    Posted 03-11-2023 03:44

    Hi Brijil R.

    Thanks for your helping....



    ------------------------------
    Rakesh A
    ------------------------------