Hi, We will migrate our existing NS204 to an SSG520. In the NS204 we have a lot of route-based VPN tunnels bound to the Untrust Zone.
I have heard that you shouldn't do it like this and instead have a dedicated VPN Zone where the tunnels are terminated. Am I Correct? Is this what the predefined "Untrust-Tun" Zone is supposed to be used for? If so I have another problem. Today our IPsec tunnels are unnumbered but in a "Tunnel Zone" (as Untrust-Tun is) the tunnel interface must have an IP-address? Best Regards /// Fredrik _________________________________________________________________ Drag n’ drop—Get easy photo sharing with Windows Live™ Photos. http://www.microsoft.com/windows/windowslive/products/photos.aspx _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp