SRX Route-Based VPN
Aug 20
Hi,
I have previously written a blog post on Policy-Based VPN (https://r2079.wordpress.com/2015/07/12/contructing-an-ipsec-site-to-site-vpn-on-vsrx/). Coming from the pure service provider world, I would rather enjoy a Route-Based VPN more than a Policy-Based VPN ;).
I have
1.1.1.1 --- (st0.0 172.16.1.1) srx1 (5.5.12.1) ------ ipsec-tunnel ------ srx2 (5.5.12.2) (st0 172.16.1.2) --- 2.2.2.2
First steps first: check that you have an ST interface on your SRX device; there is no reason why it should not be there!
Second, see if all your security zones and policies are in place.
Third, assign an IP address to your st0 interface.
Fourth, build your IKE policy and IPsec policy. Very important: BIND YOUR ST0 interface here.
Fifth, write appropriate security policies, and also verify that your st0 is assigned to the appropriate zone and that it allows the required protocols; for me it was only ICMP.
Lastly, check your SA and reachability.
Regards
Rakesh
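
The six steps above, written out as Junos set commands for srx1 (srx2 mirrors it with the addresses swapped); this is an added example, not the author's configuration. The external interface ge-0/0/0.0, the zone names, the /30 mask on st0, the proposal parameters, the object names and the static route are assumptions, and the pre-shared key is a placeholder.

```junos
# Added example for srx1; srx2 mirrors it with the addresses swapped.
# Assumed (not from the post): ge-0/0/0.0, zone names, /30 mask, proposals,
# object names, static route. <PRE-SHARED-KEY> is a placeholder.

# Step 3: address the tunnel interface
set interfaces st0 unit 0 family inet address 172.16.1.1/30

# Step 4: IKE (phase 1) toward srx2
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposals IKE-PROP
set security ike policy IKE-POL pre-shared-key ascii-text "<PRE-SHARED-KEY>"
set security ike gateway GW-SRX2 ike-policy IKE-POL
set security ike gateway GW-SRX2 address 5.5.12.2
set security ike gateway GW-SRX2 external-interface ge-0/0/0.0

# Step 4: IPsec (phase 2); bind-interface is what makes the VPN route-based
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec vpn VPN-SRX2 bind-interface st0.0
set security ipsec vpn VPN-SRX2 ike gateway GW-SRX2
set security ipsec vpn VPN-SRX2 ike ipsec-policy IPSEC-POL
set security ipsec vpn VPN-SRX2 establish-tunnels immediately

# Steps 2 and 5: st0.0 in its own zone, only ping to the box, only ICMP through
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone vpn interfaces st0.0
set security zones security-zone vpn host-inbound-traffic system-services ping
set security policies from-zone trust to-zone vpn policy ALLOW-ICMP match source-address any destination-address any application junos-icmp-all
set security policies from-zone trust to-zone vpn policy ALLOW-ICMP then permit
set security policies from-zone vpn to-zone trust policy ALLOW-ICMP match source-address any destination-address any application junos-icmp-all
set security policies from-zone vpn to-zone trust policy ALLOW-ICMP then permit

# Route the remote address into the tunnel
set routing-options static route 2.2.2.2/32 next-hop st0.0

# Steps 1 and 6: operational-mode checks
# show interfaces terse st0
# show security ike security-associations
# show security ipsec security-associations
# ping 2.2.2.2 source 1.1.1.1
```

Placing st0.0 in a dedicated zone keeps tunnel traffic subject to its own policies instead of inheriting whatever the trust zone already permits.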