Routing


Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  VPN site-to-site (Unifi Dream Machine to Juniper SRX345)

    Posted 09-30-2023 21:06
    Hello everyone, everything good? I would like to know if it is possible to establish a site-to-site VPN between a Unifi Dream Machine and a Juniper SRX 345.

    Keep in mind that at the Unifi Dream Machine location I do not have internet with a fixed IP; the IP is dynamic.


    ------------------------------
    Leandro Gomes
    ------------------------------


  • 2.  RE: VPN site-to-site (Unifi Dream Machine to Juniper SRX345)

    Posted 10-02-2023 18:50

    Yes, they can do IPsec between each other. The "DreamMachine" is more of a NightmareMachine in my eyes, but when one of those failed to connect to a Palo, the SRX succeeded. In that particular case, the DreamMachine was replaced with a spare and then it all worked. They are notoriously unstable though, so I do hesitate to work with them...until a customer calls and needs my help :)




  • 3.  RE: VPN site-to-site (Unifi Dream Machine to Juniper SRX345)

    Posted 10-02-2023 19:47

    For IPsec VPN with the remote site on a dynamic IP address, you will need to use aggressive mode and host ID instead of gateway IP address.  The KB outlining the SRX side configuration for that is here in the knowledge base.  You will need to find the similar configuration that matches from UniFi.

    https://supportportal.juniper.net/s/article/SRX-Configure-site-to-site-IPsec-VPN-where-remote-site-has-dynamic-IP-address-and-SRX-has-static-IP-address



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------
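
A sketch of the SRX (static-IP) side of the setup described in reply 3, added here as an illustration. It is not taken from the thread or from the linked KB article. The object names, the hostname ID `udm.example.net`, the interface `ge-0/0/0.0`, the `untrust` zone, the `st0.0` tunnel unit and the `standard` proposal sets are all placeholder assumptions.

```junos
# Added example, all names and values are placeholders (assumptions).
# The SRX acts as IKEv1 responder; the peer is matched by its IKE host ID
# instead of a gateway IP address, because the remote IP is dynamic.

# Phase 1: aggressive mode is required when the peer is identified by hostname.
# Aggressive mode sends the peer identity unencrypted and exposes the PSK
# authentication hash, so use a long, random pre-shared key.
set security ike policy IKE-POL-UDM mode aggressive
set security ike policy IKE-POL-UDM proposal-set standard
set security ike policy IKE-POL-UDM pre-shared-key ascii-text "<long-random-psk>"

# Gateway: "dynamic hostname" replaces "address <peer-ip>".
# The remote device must present this same string as its local IKE ID.
set security ike gateway GW-UDM ike-policy IKE-POL-UDM
set security ike gateway GW-UDM dynamic hostname udm.example.net
set security ike gateway GW-UDM external-interface ge-0/0/0.0

# Phase 2: route-based VPN bound to a secure tunnel interface.
set interfaces st0 unit 0 family inet
set security ipsec policy IPSEC-POL-UDM proposal-set standard
set security ipsec vpn VPN-UDM bind-interface st0.0
set security ipsec vpn VPN-UDM ike gateway GW-UDM
set security ipsec vpn VPN-UDM ike ipsec-policy IPSEC-POL-UDM

# Allow IKE to reach the SRX on the Internet-facing interface only.
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
```

Routes toward the remote subnet via `st0.0`, the zone assignment for `st0.0` and the security policies between zones still have to be added to match the local addressing.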