There are two methods possible ways of doing this (to me). 1) Stand up two VPN tunnels and just have one down at all times. You would use your existing configuration (assuming it's main mode) and just change the source IP where you expect the VPN initiator to come from.
2) Change your existing main mode vpn into an aggressive mode VPN. This way you can local identity authenticate based upon FQDN and the IP check of the initiator doesn't take place. This might help: http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-40777.html On Wed, May 11, 2011 at 7:53 AM, Pappas, AJ <apap...@ottawaregional.org>wrote: > I have a srx240. I have someone who has a vpn with us who wants to change > from a static IP address on an ipsec tunnel to a FQDN. Is there any > documentation on how to do this or if it is possible? He is able to > provide the two ip’s to me that it will be coming from. This is for a > failover from them. Two separate providers / ip’s.**** > > ** ** > > *AJ Pappas * | Network Administrator ** > > *Ottawa Regional Hospital & Healthcare Center* > [image: Description: Description: Description: logo]** > > > www.ottawaregional.org | apap...@ottawaregional.org > *phone:* 815.431.5180 | *mobile line: *815.993.8522 > 1100 East Norris Drive, Ottawa, IL 61350 USA**** > > ** ** > > *P* Please consider the environment before printing this e-mail. **** > > ** ** > > ** ** > > Confidentiality Notice: This e-mail may contain confidential information. > The information is intended only for the use of the recipient named above. > If you are not the intended recipient, you are hereby notified that any > disclosure, copying, distribution, or the taking of any action in reliance > on the contents of this information, except its direct delivery to the > intended recipient named above, is strictly prohibited. If you have > received this e-mail in error, please notify the sender of this and also > delete the e-mail from all systems this message is stored on.**** > > ** ** > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp >
<<image001.jpg>>
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp