
Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  VPN tunnel between public IP address and broadband based network

    Posted 08-07-2022 17:36
    I want to create a VPN tunnel between sites.

    To explain my current network configuration please see the attached diagram. Site A has a Juniper firewall SRX345 with a public IP address, and site B has a 4G broadband router with a private IP address. Currently, site A has a switch and it has VLAN 300 configured and many devices are connected to that VLAN 300. I want to create a VPN tunnel between the two sites and provide access to the VLAN 300 on site B. So any device can easily connect to the same VLAN 300 on site B. Both devices A and B should be able to talk to each other as they will be in the same network. Is there any guidance for this type of configuration? If someone can provide a detailed guide that would be great.

    Abdul Qurashi

  • 2.  RE: VPN tunnel between public IP address and broadband based network

    Posted 08-08-2022 12:35
    That's not how IPSec VPN tunnels work. They will be Layer 3 routed tunnels, not Layer 2 extensions.

    If site B is in a different subnet, then simply create site B as a dynamic addressed VPN gateway and you are good.

    For an L2 extension, you need to add another encapsulation, like MPLSoverIPSec or MPLSoGREoIPSec, but the cost is configuration and performance.

    Of course, in any configuration, you will need a router at site B that also supports whatever tunneling you are trying to configure. Most consumer-grade home routers may support IPSec VPN (not sure if standards based) and *may* interop with the SRX, but very unlikely they can do an interoperable L2 extension.

    David Divins
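
The routed option from the reply above, sketched in Junos set syntax for the SRX at site A. This is an added example, not configuration from either poster or from Juniper; the object names, `ge-0/0/0.0`, the `untrust`/`vpn` zones, the hostname `site-b.example.net`, the subnet `192.168.50.0/24` and the key placeholder are all assumptions to replace with real values.

```junos
# Constructed example. Site B sits behind a 4G router with a private,
# changing address, so site A identifies it by IKE ID instead of by IP.

# IKE (phase 1): IKEv2 with a pre-shared key
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL proposals IKE-PROP
set security ike policy IKE-POL pre-shared-key ascii-text "<LONG-RANDOM-PSK>"

# Dynamically addressed gateway: no "address" statement; the peer is
# matched on the FQDN it presents as its IKE identity
set security ike gateway SITE-B ike-policy IKE-POL
set security ike gateway SITE-B dynamic hostname site-b.example.net
set security ike gateway SITE-B external-interface ge-0/0/0.0
set security ike gateway SITE-B version v2-only

# IPsec (phase 2), bound to a routed tunnel interface
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec vpn SITE-B-VPN bind-interface st0.0
set security ipsec vpn SITE-B-VPN ike gateway SITE-B
set security ipsec vpn SITE-B-VPN ike ipsec-policy IPSEC-POL

# Layer 3 tunnel: site B uses its own subnet, reached through st0.0
set interfaces st0 unit 0 family inet
set routing-options static route 192.168.50.0/24 next-hop st0.0

# Accept IKE on the Internet-facing zone; put the tunnel in its own zone
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone vpn interfaces st0.0
```

Site B always has to initiate, since site A cannot reach a private address behind the 4G router. Traffic between the `vpn` zone and the zone holding VLAN 300 still needs explicit security policies, ideally limited to the hosts and services site B actually uses.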