View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX Hair-pinning from VPN interface to another

    Posted 02-26-2024 17:32

    Anyone have the experience with hair-pinning one VPN interface to another on the same SRX? 

    We have a need to allow a server from and older Azure VPN subscription, interface St0.3, to get to another server in a newer Azure VPN subscription, interface St0.5. 

    The older VPN has a few 10.50.x.x /24 segments, and the new VPN has a few 10.70.x.x  /24 segments.  The plan is to ONLY use a single endpoint in each subscription [, and] .  So, traffic out St0.3 to St0.5 and back.  At least until we eventually move both subscriptions in the same landing zone.   Since its the same SRX, can we achieve this using  a set of security policies from OLD zone to NEW zone ? 


  • 2.  RE: SRX Hair-pinning from VPN interface to another

    Posted 02-29-2024 05:22

    Hi Jeffrey, 

    You are correct, typically you will be able to place the Secure Tunnel interfaces into your specified zones and then configure Security Policies to govern traffic between them. Of course, ensure that both zones are in the same routing instance (or routes are shared between them. Also, I'm not certain with Azure but in AWS you must have each subnet configured with a route target to the SRX (tunnel). 

    Let us know if you need more clarification.


    Gavin White