SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX Hair-pinning from VPN interface to another

    Posted 02-26-2024 17:32

    Anyone have experience with hair-pinning one VPN interface to another on the same SRX?

    We have a need to allow a server from an older Azure VPN subscription, interface St0.3, to get to another server in a newer Azure VPN subscription, interface St0.5.

    The older VPN has a few 10.50.x.x /24 segments, and the new VPN has a few 10.70.x.x /24 segments. The plan is to ONLY use a single endpoint in each subscription [10.50.1.10/24 and 10.70.1.10/32]. So, traffic out St0.3 to St0.5 and back. At least until we eventually move both subscriptions into the same landing zone. Since it's the same SRX, can we achieve this using a set of security policies from OLD zone to NEW zone?

    Jeffrey



  • 2.  RE: SRX Hair-pinning from VPN interface to another

    Posted 02-29-2024 05:22

    Hi Jeffrey, 

    You are correct, typically you will be able to place the Secure Tunnel interfaces into your specified zones and then configure Security Policies to govern traffic between them. Of course, ensure that both zones are in the same routing instance (or routes are shared between them). Also, I'm not certain with Azure, but in AWS you must have each subnet configured with a route target to the SRX (tunnel).

    Let us know if you need more clarification.

    Regards,

    Gavin White



    ------------------------------
    GAVIN WHITE
    ------------------------------
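
The zone-to-zone approach discussed in this thread, written out as Junos `set` commands. This is an added example, not configuration posted by either participant. The zone names OLD and NEW follow the question; the address-book names, policy names and the use of /32 host entries for both endpoints are assumptions made for illustration, as is `application any`, since the thread names no ports.

```junos
# Added example: hair-pin st0.3 -> st0.5 on one SRX, limited to one host pair.
# Assumes both st0 units already exist, both tunnels are up, and both zones
# sit in the same routing instance (as noted in the reply above).

# Bind each tunnel interface to its own zone.
set security zones security-zone OLD interfaces st0.3
set security zones security-zone NEW interfaces st0.5

# Host entries for the two endpoints (names are hypothetical).
set security address-book global address old-srv 10.50.1.10/32
set security address-book global address new-srv 10.70.1.10/32

# Permit only old-srv -> new-srv. The SRX is stateful, so reply packets of
# a permitted session return through st0.3 without a reverse policy.
set security policies from-zone OLD to-zone NEW policy old-srv-to-new-srv match source-address old-srv
set security policies from-zone OLD to-zone NEW policy old-srv-to-new-srv match destination-address new-srv
# Assumption: no ports are given in the thread; narrow this to the real service.
set security policies from-zone OLD to-zone NEW policy old-srv-to-new-srv match application any
set security policies from-zone OLD to-zone NEW policy old-srv-to-new-srv then permit
set security policies from-zone OLD to-zone NEW policy old-srv-to-new-srv then log session-close

# Explicit logged deny for every other 10.50.x.x -> 10.70.x.x flow, so
# unexpected cross-subscription traffic shows up in the logs.
set security policies from-zone OLD to-zone NEW policy deny-rest match source-address any
set security policies from-zone OLD to-zone NEW policy deny-rest match destination-address any
set security policies from-zone OLD to-zone NEW policy deny-rest match application any
set security policies from-zone OLD to-zone NEW policy deny-rest then deny
set security policies from-zone OLD to-zone NEW policy deny-rest then log session-init

# Only if new-srv must also initiate connections toward old-srv:
set security policies from-zone NEW to-zone OLD policy new-srv-to-old-srv match source-address new-srv
set security policies from-zone NEW to-zone OLD policy new-srv-to-old-srv match destination-address old-srv
set security policies from-zone NEW to-zone OLD policy new-srv-to-old-srv match application any
set security policies from-zone NEW to-zone OLD policy new-srv-to-old-srv then permit

# Operational-mode checks after commit:
#   show route 10.70.1.10                  (next hop should be st0.5)
#   show route 10.50.1.10                  (next hop should be st0.3)
#   show security flow session source-prefix 10.50.1.10/32
```

The policies only cover the SRX side; each Azure subscription still needs a route for the other endpoint pointing at its tunnel, which is the routing caveat raised in the reply above.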