Further to Morgan and Andrew's comments, the st0 interface will follow whichever interface you have bound to the "external-interface" in your IKE Gateway configuration (ge-0/0/0.0 in the AWS example), so if you bind this to a reth (and have the st0 interface in the same redundancy group) you'll be golden.
On 6 May 2014, at 10:44 am, Morgan McLean <wrx...@gmail.com> wrote:
> Andy,
>
> Assuming you have your own IP space, you put a public address on the
> loopback. Whichever member is active for lo0 will handle the IPSEC if I
> recall.
>
> There's some Juniper docs on the details. ST0 will always be on whichever
> node is primary.
>
> Thanks,
> Morgan
>
>
> On Mon, May 5, 2014 at 5:37 PM, Andrew Jones <a...@jonesy.com.au> wrote:
>
>> You don't need to do anything special to make the st0 interface redundant,
>> it will always run on the active node.
>>
>>
>> On 06.05.2014 08:38, Andy Litzinger wrote:
>>
>>> Hi Morgan,
>>>
>>> I presume that with regards to the loopback you are referring to the
>>> external interface I use as my IPSec peer toward Amazon?
>>>
>>> What about the internal logical st interface that I need to create in
>>> order to route my internal traffic into the tunnel? How do I make that
>>> redundant?
>>>
>>> thanks!
>>> -andy
>>>
>>>
>>> On Mon, May 5, 2014 at 3:30 PM, Morgan McLean <wrx...@gmail.com> wrote:
>>>
>>> Use your loopback and put that in a reth.
>>>>
>>>> Thanks,
>>>> Morgan
>>>>
>>>>
>>>> On Mon, May 5, 2014 at 3:23 PM, Andy Litzinger <andy.litzinger.li...@gmail.com> wrote:
>>>>
>>>> Hi All,
>>>>> Two related questions. I have a pair of SRX 3400s in an
>>>>> Active/Passive cluster. They rely on an external gateway for internet
>>>>> access (i.e. my ISPs don't terminate on the SRXs). I am setting up
>>>>> redundant tunnels to an AWS VPC. Amazon has an example for J-Series (
>>>>> http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html
>>>>> ), but I don't think it's for a cluster set-up.
>>>>>
>>>>> Here are my questions:
>>>>>
>>>>> 1 - If I want to set up a redundant secure tunnel interface (e.g. st0),
>>>>> should I bind it to an reth interface?
>>>>>
>>>>> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS VPC?
>>>>> Any tips or tricks you care to share?
>>>>>
>>>>> regards,
>>>>> -andy
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
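
The binding described at the top of this thread, as an added example that is not part of the original posts: a Junos fragment with the IKE gateway's external-interface on a reth instead of the ge-0/0/0.0 used in the AWS example. The gateway, VPN and policy names, reth0, st0.1, the zone name and the redundancy-group number are assumptions, the addresses are placeholders, and the IKE and IPsec policies are taken as already defined.

```junos
# Constructed example; every name and address below is a placeholder.

# Single-node form from the AWS example: IKE is tied to a physical port.
# set security ike gateway gw-aws-1 external-interface ge-0/0/0.0

# Cluster form: the reth is active on whichever node is primary for its
# redundancy group, so the IKE endpoint moves with it on failover.
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.0.2.10/24
set security ike gateway gw-aws-1 ike-policy ike-pol-aws-1
set security ike gateway gw-aws-1 address 203.0.113.1
set security ike gateway gw-aws-1 external-interface reth0.0

# Per the thread, st0 gets no redundancy settings of its own; it is only
# bound to the VPN and placed in a security zone.
set interfaces st0 unit 1 family inet address 169.254.0.2/30
set security ipsec vpn vpn-aws-1 ike gateway gw-aws-1
set security ipsec vpn vpn-aws-1 ike ipsec-policy ipsec-pol-aws-1
set security ipsec vpn vpn-aws-1 bind-interface st0.1
set security zones security-zone vpn interfaces st0.1
```

After a test failover, `show chassis cluster status` and `show security ike security-associations` on the new primary show whether the tunnel followed the reth.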