Re: [j-nsp] Srx 240 ipsec site to site

2013-05-13 Thread Misha Gzirishvili
Sorry, I missed that both sides have dynamic IP addresses.
My fault : )
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] Srx 240 ipsec site to site

2013-05-13 Thread Nc Aji
Yes, the issue is dyn-dns support. Does anyone have working scripts and
procedures for getting this to work?


On Mon, May 13, 2013 at 10:22 AM, Nick Kritsky wrote:

> I guess you can achieve this functionality using event-scripts.
>
> Nick
>
>
> On Mon, May 13, 2013 at 10:30 AM, Klaus Groeger  wrote:
>
> > Hi
> >
> >
> > you may not resolve the issue with auto vpn, because the main problem is:
> > both sites are assigned the IPs dynamically - via dhcp or whatever. If
> > both sites do not know the peer's IP address, they cannot establish a
> > tunnel.
> >
> >
> > In ScreenOS, one has the option to use hostname instead of an IP address,
> > the system makes a name lookup and connects to the resolved address. This
> > isn't possible with SRX, because the hostname is resolved during
> > configuration and the IP address will be nailed down in the config.
> >
> >
> > Even if you use aggressive mode, one site has to be a fixed IP address!
> >
> >
> > Regards
> >
> >
> > Klaus
> >
> >
> >
> > —
> > Sent from Mailbox for iPhone
> >
> >
> > On Sun, May 12, 2013 at 20:58, Misha Gzirishvili <misha.gzirishv...@gmail.com> wrote:
> > Hi Aji,
> > Take a look at AutoVPN.
> > Some links about it:


Re: [j-nsp] Srx 240 ipsec site to site

2013-05-13 Thread Nick Kritsky
I guess you can achieve this functionality using event-scripts.

Nick


On Mon, May 13, 2013 at 10:30 AM, Klaus Groeger  wrote:

> Hi
>
>
> you may not resolve the issue with auto vpn, because the main problem is:
> both sites are assigned the IPs dynamically - via dhcp or whatever. If
> both sites do not know the peer's IP address, they cannot establish a
> tunnel.
>
>
> In ScreenOS, one has the option to use hostname instead of an IP address,
> the system makes a name lookup and connects to the resolved address. This
> isn't possible with SRX, because the hostname is resolved during
> configuration and the IP address will be nailed down in the config.
>
>
> Even if you use aggressive mode, one site has to be a fixed IP address!
>
>
> Regards
>
>
> Klaus
>
>
>
> —
> Sent from Mailbox for iPhone
>
>
> On Sun, May 12, 2013 at 20:58, Misha Gzirishvili <misha.gzirishv...@gmail.com> wrote:
> Hi Aji,
> Take a look at AutoVPN.
> Some links about it:
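The thread leaves the event-script idea unimplemented. As an added example (not code from any poster or from Juniper), this is the comparison such a script or a scheduled off-box job would have to make, given that the SRX stores the resolved address rather than the hostname: read the pinned peer address from set-format config, resolve the peer's dynamic-DNS name, and emit re-pin commands only on a real change. The gateway name, hostname and addresses are constructed, and the resolver is injectable so the logic runs offline.

```python
import ipaddress
import re
import socket

# Set-format line that pins an IKE gateway to a fixed peer address.
GATEWAY_ADDR = re.compile(
    r"^set security ike gateway (?P<gw>\S+) address (?P<addr>\S+)\s*$", re.M)

# Constructed sample: gateway name and addresses are made up.
SAMPLE_CONFIG = """\
set security ike gateway REMOTE-3G ike-policy P1
set security ike gateway REMOTE-3G address 198.51.100.7
set security ike gateway REMOTE-3G external-interface ge-0/0/0.0
"""


def pinned_addresses(config_text):
    """Return {gateway: pinned peer address} from set-format config."""
    return {m["gw"]: m["addr"] for m in GATEWAY_ADDR.finditer(config_text)}


def usable_peer(addr):
    """Accept only an IPv4 unicast address that could be a real IKE peer."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return not (ip.is_unspecified or ip.is_loopback
                or ip.is_multicast or ip.is_link_local)


def repin_commands(config_text, peers, resolve=socket.gethostbyname):
    """Commands to re-pin gateways whose hostname now resolves elsewhere.
    peers maps gateway name -> dynamic-DNS hostname (assumed names). A failed
    or implausible lookup yields no change, so a DNS outage or bogus answer
    never rewrites a working gateway definition.
    """
    pinned = pinned_addresses(config_text)
    commands = []
    for gw, hostname in sorted(peers.items()):
        try:
            current = resolve(hostname)
        except OSError:  # socket.gaierror is a subclass
            continue
        if not usable_peer(current) or pinned.get(gw) == current:
            continue
        if gw in pinned:  # remove the stale address so it is not kept as a backup
            commands.append(f"delete security ike gateway {gw} address {pinned[gw]}")
        commands.append(f"set security ike gateway {gw} address {current}")
    return commands
```

A forged DNS answer can only misdirect where IKE packets are sent; the peer still has to authenticate in IKE before a tunnel comes up.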


Re: [j-nsp] Srx 240 ipsec site to site

2013-05-12 Thread Klaus Groeger
Hi


you may not resolve the issue with auto vpn, because the main problem is: 
both sites are assigned the IPs dynamically - via dhcp or whatever. If both 
sites do not know the peer's IP address, they cannot establish a tunnel. 


In ScreenOS, one has the option to use hostname instead of an IP address, the 
system makes a name lookup and connects to the resolved address. This isn't 
possible with SRX, because the hostname is resolved during configuration and 
the IP address will be nailed down in the config.


Even if you use aggressive mode, one site has to be a fixed IP address!


Regards


Klaus



—
Sent from Mailbox for iPhone


On Sun, May 12, 2013 at 20:58, Misha Gzirishvili <misha.gzirishv...@gmail.com> wrote:
Hi Aji,
Take a look at AutoVPN.
Some links about it:

Re: [j-nsp] Srx 240 ipsec site to site

2013-05-12 Thread Misha Gzirishvili
Hi Aji,
Take a look at AutoVPN.
Some links about it:

General info

Overview and Configuration

Regards,
Misha


Re: [j-nsp] Srx 240 ipsec site to site

2013-05-12 Thread Misha Gzirishvili
And I forgot to mention that you can establish a tunnel to a remote site with
a dynamic IP address using aggressive mode.
You will not need dyndns for this.

Regards,
Misha


Re: [j-nsp] Srx 240 ipsec site to site

2013-05-07 Thread Klaus Groeger
Hi,


Have to check if using a hostname as peer address works with 12.1x44. But in
11.4 it is not possible. As soon as one uses a hostname as peer address, the SRX
resolves the IP address and puts it in the config. Still waiting for all the
neat little features that made ScreenOS such a strong system.


Klaus
—
Sent from Mailbox for iPhone

On Tue, May 7, 2013 at 10:59 AM, Martin, Paul 
wrote:

> Morning,
> Cisco have a DMVPN solution for this. I believe the equivalent Juniper
> solution can be seen at the following link
> http://kb.juniper.net/kb/documents/public/junos_es/JUNOS_ES_Multipoint_VPN_with_NHTB.pdf
> It's worth noting that this is a few years old now so it's likely to have 
> been superseded by something else.
> Regards
> Paul
> -Original Message-
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of 
> Nc Aji
> Sent: 07 May 2013 05:14
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Srx 240 ipsec site to site
> Dear Group,
> I have a small customer requiring a VPN between two of the sites. One site
> is so remote that we have only a 3G internet connection available. The other
> site, which is considered to be the main site, has internet over an
> ADSL link. In essence both sides are getting dynamic IP addresses. Can I
> have a site-to-site VPN in this situation?
> Does SRX support a dyndns feature? Can I use it for establishing a
> site-to-site VPN?
> If not, what is the other option to suggest to the customer?

Re: [j-nsp] Srx 240 ipsec site to site

2013-05-07 Thread Martin, Paul
Morning,

Cisco have a DMVPN solution for this. I believe the equivalent Juniper solution
can be seen at the following link

http://kb.juniper.net/kb/documents/public/junos_es/JUNOS_ES_Multipoint_VPN_with_NHTB.pdf

It's worth noting that this is a few years old now so it's likely to have been 
superseded by something else.

Regards

Paul


-Original Message-
From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Nc 
Aji
Sent: 07 May 2013 05:14
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Srx 240 ipsec site to site

Dear Group,

I have a small customer requiring a VPN between two of the sites. One site
is so remote that we have only a 3G internet connection available. The other
site, which is considered to be the main site, has internet over an
ADSL link. In essence both sides are getting dynamic IP addresses. Can I
have a site-to-site VPN in this situation?

Does SRX support a dyndns feature? Can I use it for establishing a
site-to-site VPN?

If not, what is the other option to suggest to the customer?


[j-nsp] Srx 240 ipsec site to site

2013-05-06 Thread Nc Aji
Dear Group,

I have a small customer requiring a VPN between two of the sites. One site
is so remote that we have only a 3G internet connection available. The other
site, which is considered to be the main site, has internet over an
ADSL link. In essence both sides are getting dynamic IP addresses. Can I
have a site-to-site VPN in this situation?

Does SRX support a dyndns feature? Can I use it for establishing a
site-to-site VPN?

If not, what is the other option to suggest to the customer?