You might consider (at least as a workaround) using lt- interfaces as "additional loopbacks". I've had success using lt- ints as holders of a gateway IP when, for reasons like what you mentioned, I didn't want them on a physical interface and couldn't make it work on a loopback (not being able to use multiple addresses on a loopback)
-- Jeff On May 6, 2014 8:24 AM, Mattias Gyllenvarg <matt...@gyllenvarg.se> wrote: > > Turns out the HUB node can not be on use a "secondary" IP as the Gateway IP > for the IPsec termination. > This workes on SRX240 in a very similar installation. But not on the > SRX210HE2 in this installation. > > //Mattias Gyllenvarg > > On Fri, May 2, 2014 at 5:07 PM, Mike Devlin <mikecdev...@gmail.com> wrote: > > > config please > > > > > > On Fri, May 2, 2014 at 9:33 AM, Mattias Gyllenvarg > > <matt...@gyllenvarg.se>wrote: > > > >> Hi All > >> > >> I have been cracking my skull on this one for a while now and I am not > >> getting anywhere I want to go. So, here is a nut for anyone proficient in > >> Site-To-Site VPN with PKI and Distinguished names on SRX. > >> > >> TLDR; New installation of a setup I already have working on a global > >> scale. > >> Only difference in HW is a SRX210HE2 as HUB compared to a 240 in the > >> working installation. > >> Error is NO proposal chosen. I get this even if I try it with static IPs > >> and PSK. > >> Junos is [12.1X44-D20.3] > >> Waiting to try [12.1X44-D30.4] but I dont have it yet. > >> > >> So, I have double checked the proposals (they come from a template) many > >> times. > >> Removed and reapplied all security config. Reloaded and so on. > >> st0.0 is in trusted and all policies are in place. > >> > >> Can't find a known bug or deeper troubleshooting help then check your > >> proposals, for this error. > >> > >> -- > >> *Best Regards* > >> *Mattias Gyllenvarg* > >> _______________________________________________ > >> juniper-nsp mailing list juniper-nsp@puck.nether.net > >> https://puck.nether.net/mailman/listinfo/juniper-nsp > >> > > > > > > -- > *Med Vänliga Hälsningar / Best Regards* > *Mattias Gyllenvarg* > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp