Here's the scenario:
SRX340 connected to the Internet via PPPoE over GPON.
PPPoE obtains an IPv4 address from a pool of /29, which is routed towards the SRX.
I can easily use all of the /29 IPv4 addresses for example for NAT, no problems.
lo0 interface is currently used for management purposes + GRE tunnels termination.
All has worked well for years.
Now I'm trying to set up an RA VPN using SecureConnect.
The thing is, the ISP is blocking ingress traffic from the Internet over 443/TCP to the IPv4 address SRX obtains from PPPoE.
No filtering for other addresses.
ISP is not eager to lift this filtering.
Is it possible to configure SecureConnect to use an interface other than pp0.0, for example a subinterface of a LACP L3 LAG, which will be up as long as the LAN is up?
I'm asking because I've tried to configure a public IPv4 on such a subinterface, it was in the same zone as pp0.0 and a security policy was permitting the traffic.
On both interfaces I've enabled ike, tcp-encap and https.
Unfortunately all I get is a timeout on a SecureConnect client.
Wireshark run on a client shows only TCP SYN packets being sent without any response.
Policy logging shows only timeouts (RT_FLOW_SESSION_CLOSE: session closed idle Timeout).
traceoptions for tcp-encap and remote-access show nothing.
Any ideas how this can be approached?