A little vague question but I will try. The Hub is dynamic (PKI + Distinguished names). Spokes connect to the external IF of the HUB.
Jeff, regarding Loopbacks. Would you configure an IP from the external scope (have a /29) as Loopback to run the VPN via? Never thought of having a loopback in the untrusted side. :)

//Mattias

On Tue, May 6, 2014 at 2:35 PM, Mike Devlin <mikecdev...@gmail.com> wrote:

> are using local-address config line under edit security ike gateway blah?
>
> On Tue, May 6, 2014 at 8:24 AM, Mattias Gyllenvarg <matt...@gyllenvarg.se> wrote:
>
>> Turns out the HUB node can not be on use a "secondary" IP as the Gateway
>> IP for the IPsec termination.
>> This works on SRX240 in a very similar installation. But not on the
>> SRX210HE2 in this installation.
>>
>> //Mattias Gyllenvarg
>>
>> On Fri, May 2, 2014 at 5:07 PM, Mike Devlin <mikecdev...@gmail.com> wrote:
>>
>>> config please
>>>
>>> On Fri, May 2, 2014 at 9:33 AM, Mattias Gyllenvarg <matt...@gyllenvarg.se> wrote:
>>>
>>>> Hi All
>>>>
>>>> I have been cracking my skull on this one for a while now and I am not
>>>> getting anywhere I want to go. So, here is a nut for anyone proficient in
>>>> Site-To-Site VPN with PKI and Distinguished names on SRX.
>>>>
>>>> TLDR; New installation of a setup I already have working on a global scale.
>>>> Only difference in HW is a SRX210HE2 as HUB compared to a 240 in the
>>>> working installation.
>>>> Error is NO proposal chosen. I get this even if I try it with static IPs
>>>> and PSK.
>>>> Junos is [12.1X44-D20.3]
>>>> Waiting to try [12.1X44-D30.4] but I don't have it yet.
>>>>
>>>> So, I have double checked the proposals (they come from a template) many
>>>> times.
>>>> Removed and reapplied all security config. Reloaded and so on.
>>>> st0.0 is in trusted and all policies are in place.
>>>>
>>>> Can't find a known bug or deeper troubleshooting help than check your
>>>> proposals, for this error.
>>>>
>>>> --
>>>> *Best Regards*
>>>> *Mattias Gyllenvarg*
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> --
>> *Med Vänliga Hälsningar / Best Regards*
>> *Mattias Gyllenvarg*

--
*Med Vänliga Hälsningar / Best Regards*
*Mattias Gyllenvarg*