Hi But the tunnels peering with non juniper firewalls, so I didnt assign st0 interfaces an IP addresses.And since all st0 interfaces are unnumbered then I think one out of them will borrow the external interface IP address.
Sent from Yahoo Mail for iPhone On Friday, November 3, 2017, 4:21 AM, Hugo Slabbert <h...@slabnet.com> wrote: On Fri 2017-Nov-03 00:57:47 +0000, M Abdeljawad via juniper-nsp <juniper-nsp@puck.nether.net> wrote: >Hi >I want to create three VPN tunnels with third party peers, I want to use >route-based VPN with traffic selector as each tunnel has multiple >destinations.So can I use multiple st0 interfaces "one for each tunnel"? Yes; the routed IPSEC tunnels are bound to subinterfaces to st0, so e.g. st0.1 (unit 1), st0.2, st0.3, and so forth. Set that interface or the IP on the other end as your next-hop for whatever traffic you want to push through that particular tunnel (or run a routing protocol across it if that's preferred) and go to town. >(As I have only one VPN tunnel up out of the three tunnels). I don't understand this part. I don't see anything that would prevent you from having all of the tunnels up simultaneously unless you want to intentionally shut them for some reason. -- Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com pgp key: B178313E | also on Signal _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
