I've been able to configure an IPsec VPN to connect from within a
virtual router without issue. (external-interface is it's own routing
instance and security zone) The st0.X interface associated to the VPN is
in inet.0 however and OSPF works across it. Effectively I can have a
primary and backup site to site VPN from a remote POP over different WAN
links.
This has worked on 11.4R7.5 and 12.1X44.
On 3/30/2015 10:03 AM, M Abdeljawad via juniper-nsp wrote:
Hi All
I have a question about SRX VPN support under virtual router;There are two WAN
links and each link member in different Virtual Router (not inet0), and the VPN
tunnels must be established from both virtual routers
Per to my search I found two conflict results as below;
Below KB link mention that its supported, and the st0interface and the IKE
listener interface can be assigned to the custom virtualrouter.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21487
And below document link mention that the IKE listener mustbe member of inet.0
for the VPN to work.
http://www.juniper.net/documentation/en_US/junos11.4/topics/concept/virtual-router-support-for-route-based-vpns.html
What if I used Lo0 interface and assigned it to inet.0 andused it as the
external VPN interface, is this valid solution?
RegardsMahmoud
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
