Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ

It is currently Thu Mar 30, 2023 8:03 pm

ROOT ‹ Network Security & Routing & Switching ‹ VPN / Dynamic VPN / Ipsec ‹ Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

Post a reply

1 post • Page 1 of 1

Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

« Previous topic | Next topic »

Author

Message

mandrei99

Post subject: Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT. | Posted: Tue Oct 29, 2013 11:25 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 250

Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

Since there are not many scenarios when the HUB is behind NAT, I've created an article that describes situations when two spokes are behind NAT and only one has a static NAT.

Most of the hub-and-spoke ipsec VPN environments have the HUB configured with a public IP address, but sometimes the HUB is behind static NAT (all packets to a public IP address on the NAT device are forwarded to the Ipsec HUB SRX device and all packets from this box are source nated to the same public IP that never changes).

This is the same as having two spokes behind NAT and one of them having static NAT and a tunnel between the two is necessary. Below articles describes this situation and provides solution to make the static NAT spoke (or HUB) establish ipsec phase 1 with other spoke behind NAT.

http://forum.ivorde.ro/juniper-srx-spoke-to-spoke-ipsec-vpn-when-both-spokes-are-behind-nat-t15671.html

			Tweet
Follow @IvordeCom

You might also be interested in:
Juniper SRX Spoke-to-Spoke IPSEC VPN \w spokes behind NAT.. Juniper SRX MTU / MSS / Fragmentation problems with Ipsec vpn tunnel. OpenSSL CA signed certificates based Ipsec VPN between Two Juniper SRX devices. Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity". Linux site to site GRE over IPSEC VPN tunnels using racoon & kame ipsec-tools. Site2Site Ipsec/Dialup/ike v2. Iphone/Ipad Ipsec VPNs using SSL certificates - How to use OpenSSL to generate and format certs. PKI: How to import OpenSSL private key and public certificate in Juniper SRX. Juniper SRX: Main mode for dynamic peer with Preshared key based authentication is not allowed. error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error.

Top

Post a reply

1 post • Page 1 of 1

Topics		Author	Replies	Views	Last post
Topics related to - "Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT."
	Juniper SRX Spoke-to-Spoke IPSEC VPN \w spokes behind NAT.	mandrei99	0	5052	Tue Oct 29, 2013 9:22 am mandrei99
	Juniper SRX MTU / MSS / Fragmentation problems with Ipsec vpn tunnel	debuser	2	27433	Mon Jul 08, 2013 5:54 am Tears
	OpenSSL CA signed certificates based Ipsec VPN between Two Juniper SRX devices	debuser	2	11635	Thu Jun 27, 2013 10:40 am mandrei99
	Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"	mandrei99	0	4662	Thu Oct 31, 2013 5:00 am mandrei99
	Linux site to site GRE over IPSEC VPN tunnels using racoon & kame ipsec-tools	mandrei99	0	15765	Tue Jan 13, 2015 6:26 am mandrei99
	Site2Site Ipsec/Dialup/ike v2	balzac123	0	2512	Wed Sep 16, 2015 9:07 am balzac123
	Iphone/Ipad Ipsec VPNs using SSL certificates - How to use OpenSSL to generate and format certs	mandrei99	0	5532	Wed Apr 10, 2013 5:42 am mandrei99
	PKI: How to import OpenSSL private key and public certificate in Juniper SRX	mandrei99	0	42416	Fri Dec 12, 2014 10:07 am mandrei99
	Juniper SRX: Main mode for dynamic peer with Preshared key based authentication is not allowed	mandrei99	0	3903	Fri Jan 09, 2015 11:41 am mandrei99
	error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error	mandrei99	0	2999	Fri Dec 12, 2014 10:32 am mandrei99

Who is online

Users browsing this forum: No registered users and 0 guests

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Channel list

ROOT ‹ Network Security & Routing & Switching ‹ VPN / Dynamic VPN / Ipsec

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]