On Wednesday, January 16, 2013, Pavel Lunin wrote:
Despite this is pretty obvious and elegant, it's a very common case when
you can't do this for whatever reason. E. g. older IOS could not do VTI
without GRE but SRX cluster could not do GRE until very recent; remote
peer is just too dumb,
Hi
I have VPN between Cisco 2900 and SRX 240. VPN is working good, but guys
on Cisco side would like to have also access to my second subnet
10.16.0.0/24
How to handle this on SRX side ? I can have only one possition at
proxy-identity local
My config:
set security ipsec vpn TEST ike
Juniper solution is to either set up multiple tunnels, one for each
proxy-id, or to convert the remote side to route-based VPN.
On the Cisco side it is implemented via VTI, for IPSec traffic have a
tunnel interface like GRE tunnel and place traffic onto it via routing
instead of crypto-maps.
16.01.2013 20:46, Anton Yurchenko wrote:
Juniper solution is to either set up multiple tunnels, one for each
proxy-id, or to convert the remote side to route-based VPN.
On the Cisco side it is implemented via VTI, for IPSec traffic have a
tunnel interface like GRE tunnel and place traffic
4 matches
Mail list logo