Hi guys, I am adding one server IP address to an already existing route-based VPN config. Please help on this: how do I push my configuration to the 1500 SRX firewall?
Below is the configuration.
This is the existing configuration:
show configuration | display set | match 10.231.157.
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-11 remote-ip 10.231.157.181/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-12 remote-ip 10.231.157.186/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-13 remote-ip 10.231.157.188/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-14 remote-ip 10.231.157.189/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-15 remote-ip 10.231.157.190/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-16 remote-ip 10.231.157.191/32
set security address-book global address TFSV-11 10.231.157.181/32
set security address-book global address TFSV-12 10.231.157.186/32
set security address-book global address TFSV-13 10.231.157.188/32
set security address-book global address TFSV-14 10.231.157.189/32
set security address-book global address TFSV-15 10.231.157.190/32
set security address-book global address TFSV-16 10.231.157.191/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.181/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.186/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.188/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.189/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.190/32
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.191/32
set routing-options static route 10.231.157.181/32 next-hop st0.21
set routing-options static route 10.231.157.186/32 next-hop st0.21
set routing-options static route 10.231.157.188/32 next-hop st0.21
set routing-options static route 10.231.157.189/32 next-hop st0.21
set routing-options static route 10.231.157.190/32 next-hop st0.21
set routing-options static route 10.231.157.191/32 next-hop st0.21
======================
I am adding one TS to the above, as below:
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-17 remote-ip 10.231.157.192/32
set security address-book global address TFSV-17 10.231.157.192/32
set routing-options static route 10.231.157.192/32 next-hop st0.21
set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.192/32
=========
But I am getting the below error in production. Please help, what am I missing?
{primary:node0}[edit]
root@XIUS-PRIMARY# set security address-book global address TFSV-17 10.231.157.192/32
{primary:node0}[edit]
root@XIUS-PRIMARY# set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-17 remote-ip 10.231.157.192/32
{primary:node0}[edit]
root@XIUS-PRIMARY# set firewall family inet filter ISP term VPN_Traffic from destination-address 10.231.157.192/32
{primary:node0}[edit]
root@XIUS-PRIMARY# set routing-options static route 10.231.157.192/32 next-hop st0.21
{primary:node0}[edit]
root@XIUS-PRIMARY#
{primary:node0}[edit]
root@XIUS-PRIMARY#
{primary:node0}[edit]
root@XIUS-PRIMARY# show | compare
[edit security ipsec vpn TFSV-P2-vpn]
traffic-selector ts-TFSV-16 { ... }
+ traffic-selector ts-TFSV-17 {
+ remote-ip 10.231.157.192/32;
+ ## Warning: missing mandatory statement(s): 'local-ip'
+ }
[edit security address-book global]
address OCMP-192.168.149.102 { ... }
+ address TFSV-17 10.231.157.192/32;
[edit firewall family inet filter ISP term VPN_Traffic from destination-address]
10.27.1.232/29 { ... }
+ 10.231.157.192/32;
[edit routing-options static]
route 10.231.157.191/32 { ... }
+ route 10.231.157.192/32 next-hop st0.21;
{primary:node0}[edit]
root@XIUS-PRIMARY# commit check
[edit security ipsec vpn TFSV-P2-vpn]
'traffic-selector ts-TFSV-17'
Missing mandatory statement: 'local-ip'
error: configuration check-out failed: (missing mandatory statements)
Can anyone please help with how to configure this on the device?
Thanks
Rakesh
------------------------------
Rakesh A
------------------------------
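Added example, not part of the original post: the `commit check` failure above is caused by `ts-TFSV-17` having a `remote-ip` but no `local-ip`. The Python sketch below applies the same completeness check to set-style lines before they are pasted into the device. The `192.0.2.10/32` local-ip is a constructed placeholder (the real value is not shown in the post), and treating `remote-ip` as mandatory as well is an assumption.

```python
import re
from collections import defaultdict

# The post only confirms 'local-ip' as mandatory; 'remote-ip' is assumed here.
MANDATORY = ("local-ip", "remote-ip")

# Matches: set security ipsec vpn <vpn> traffic-selector <ts> [local-ip|remote-ip <prefix>]
TS_LINE = re.compile(
    r"^set security ipsec vpn (?P<vpn>\S+) traffic-selector (?P<ts>\S+)"
    r"(?: (?P<key>local-ip|remote-ip) (?P<prefix>\S+))?\s*$"
)

# Constructed sample: ts-TFSV-16 is complete, ts-TFSV-17 mirrors the failing change.
# 192.0.2.10/32 is a documentation-range placeholder, not the poster's local-ip.
SAMPLE = """\
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-16 local-ip 192.0.2.10/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-16 remote-ip 10.231.157.191/32
set security ipsec vpn TFSV-P2-vpn traffic-selector ts-TFSV-17 remote-ip 10.231.157.192/32
set security address-book global address TFSV-17 10.231.157.192/32
set routing-options static route 10.231.157.192/32 next-hop st0.21
"""


def missing_selector_statements(config_text):
    """Return {(vpn, selector): [missing statements]} for incomplete selectors."""
    seen = defaultdict(set)
    for line in config_text.splitlines():
        m = TS_LINE.match(line.strip())
        if m:
            # A selector named with no sub-statement still registers (key is None).
            seen[(m["vpn"], m["ts"])].add(m["key"])
    report = {}
    for selector, keys in seen.items():
        missing = [k for k in MANDATORY if k not in keys]
        if missing:
            report[selector] = missing
    return report


if __name__ == "__main__":
    for (vpn, ts), missing in missing_selector_statements(SAMPLE).items():
        print(f"vpn {vpn} traffic-selector {ts}: missing {', '.join(missing)}")
```

Because the `show configuration | display set | match 10.231.157.` filter in the post only prints lines containing that string, the `local-ip` lines of the existing selectors do not appear in its output; run the check on the unfiltered `display set` text.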