> Somebody needs to open an enhancement request to allow multiple Proxy-IDs to > be configured for a Route-based VPN.
This was added in ScreenOS 6.3 http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_rn_r2.pdf "Support for Multiple Proxy IDs Over Route-Based VPN—ScreenOS 6.3.0 supports multiple proxy IDs on a route-based VPN. If multiple tunnels exist between peers, the security device uses proxy IDs to route the traffic through a particular tunnel. For each proxy ID, a specific tunnel and Phase 2 SA are associated. When traffic matching a proxy ID arrives, the security device does a proxy-ID check to route that traffic. If multiple proxy IDs are defined for a route-based VPN, a proxy ID check is always performed, even if it is disabled. In a hub-and-spoke topology, proxy IDs should be defined for both hub-to-spoke and spoke-to-spoke configurations." Not sure about the SRX unfortunately. Thanks, Michael. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp