Hi
I am configuring a site-to-site VPN based on the Juniper doc and all looks fine, but I can't commit.
It shows destination address not found. But when I do "show security address-book", it is configured.
http://www.juniper.net/techpubs/en_US/junos12.1x44/topics/example/ipsec-route-based-vpn-configuring.html
root@FW_SUNNYVALE# commit check
[edit security policies from-zone trust to-zone vpn-chicago]
'policy vpn-tr-chi'
Destination address or address_set (chicago) not found.
error: configuration check-out failed
[edit]
root@FW_SUNNYVALE# show security address-book
book1 {
address sunnyvale 10.10.10.0/24;
attach {
zone trust;
}
}
book2 {
address chicago 20.20.20.0/24;
attach {
zone untrust;
}
And this is what I configured:
set interfaces lo0 unit 0 family inet address 10.10.10.1/24
set interfaces fe-0/0/3 unit 0 family inet address 1.1.1.2/24
set interfaces st0 unit 0 family inet address 10.11.11.10/24
set routing-options static route 0.0.0.0/0 next-hop 1.1.1.1
set routing-options static route 20.20.20.0/24 next-hop st0.0
set security zones security-zone untrust interfaces fe-0/0/3.0
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone trust interfaces lo0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone vpn-chicago interfaces st0.0
set security address-book book1 address sunnyvale 10.10.10.0/24
set security address-book book1 attach zone trust
set security address-book book2 address chicago 20.20.20.0/24
set security address-book book2 attach zone untrust
Thanks
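
An added example, not part of the original post and not Juniper code: Junos resolves a policy's addresses through the address book attached to the policy's zone (or the global book), so this sketch parses the address-book `set` lines above and checks the reference named in the commit error (to-zone vpn-chicago, destination address chicago). The function names are illustrative, and address-sets are not handled.

```python
import re

# Constructed sample: the zone and address-book 'set' lines from the post.
CONFIG = """\
set security zones security-zone vpn-chicago interfaces st0.0
set security address-book book1 address sunnyvale 10.10.10.0/24
set security address-book book1 attach zone trust
set security address-book book2 address chicago 20.20.20.0/24
set security address-book book2 attach zone untrust
"""

ADDR = re.compile(r"set security address-book (\S+) address (\S+) \S+$")
ATTACH = re.compile(r"set security address-book (\S+) attach zone (\S+)$")


def parse_books(config):
    """Map each address book to its address names and attached zones."""
    books = {}
    for line in config.splitlines():
        for pattern, field in ((ADDR, "addresses"), (ATTACH, "zones")):
            m = pattern.match(line.strip())
            if m:
                book = books.setdefault(m.group(1), {"addresses": set(), "zones": set()})
                book[field].add(m.group(2))
    return books


def zones_resolving(books, name):
    """Zones whose attached address book defines `name`."""
    return sorted(z for b in books.values() if name in b["addresses"] for z in b["zones"])


def resolves(books, zone, name):
    """True if a policy in `zone` can reference address `name`."""
    in_global = name in books.get("global", {}).get("addresses", set())
    return in_global or zone in zones_resolving(books, name)


def explain(books, zone, name):
    """One-line finding for a policy address reference."""
    if resolves(books, zone, name):
        return f"{name}: ok in zone {zone}"
    where = ", ".join(zones_resolving(books, name)) or "no zone"
    return f"{name}: not visible in zone {zone} (defined for: {where})"


if __name__ == "__main__":
    # The commit error in the post: to-zone vpn-chicago, destination address chicago.
    print(explain(parse_books(CONFIG), "vpn-chicago", "chicago"))
```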