Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Thu Dec 07, 2023 7:52 am


Author Message
mandrei99
Post  Post subject: Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.  |  Posted: Tue Oct 29, 2013 11:25 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 250

Offline
 

Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

Since there are not many scenarios when the HUB is behind NAT, I've created an article that describes situations when two spokes are behind NAT and only one has a static NAT.

Most of the hub-and-spoke ipsec VPN environments have the HUB configured with a public IP address, but sometimes the HUB is behind static NAT (all packets to a public IP address on the NAT device are forwarded to the Ipsec HUB SRX device and all packets from this box are source nated to the same public IP that never changes).

This is the same as having two spokes behind NAT and one of them having static NAT and a tunnel between the two is necessary. Below articles describes this situation and provides solution to make the static NAT spoke (or HUB) establish ipsec phase 1 with other spoke behind NAT.

http://forum.ivorde.ro/juniper-srx-spoke-to-spoke-ipsec-vpn-when-both-spokes-are-behind-nat-t15671.html





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT."
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Attachment(s) Juniper SRX Spoke-to-Spoke IPSEC VPN \w spokes behind NAT.

mandrei99

0

5193

Tue Oct 29, 2013 9:22 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX MTU / MSS / Fragmentation problems with Ipsec vpn tunnel

debuser

2

27721

Mon Jul 08, 2013 5:54 am

Tears View the latest post

There are no new unread posts for this topic. OpenSSL CA signed certificates based Ipsec VPN between Two Juniper SRX devices

debuser

2

11811

Thu Jun 27, 2013 10:40 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"

mandrei99

0

4827

Thu Oct 31, 2013 5:00 am

mandrei99 View the latest post

There are no new unread posts for this topic. Linux site to site GRE over IPSEC VPN tunnels using racoon & kame ipsec-tools

mandrei99

0

15965

Tue Jan 13, 2015 6:26 am

mandrei99 View the latest post

There are no new unread posts for this topic. Site2Site Ipsec/Dialup/ike v2

balzac123

0

2631

Wed Sep 16, 2015 9:07 am

balzac123 View the latest post

There are no new unread posts for this topic. Iphone/Ipad Ipsec VPNs using SSL certificates - How to use OpenSSL to generate and format certs

mandrei99

0

5663

Wed Apr 10, 2013 5:42 am

mandrei99 View the latest post

There are no new unread posts for this topic. PKI: How to import OpenSSL private key and public certificate in Juniper SRX

mandrei99

0

43618

Fri Dec 12, 2014 10:07 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX: Main mode for dynamic peer with Preshared key based authentication is not allowed

mandrei99

0

4042

Fri Jan 09, 2015 11:41 am

mandrei99 View the latest post

There are no new unread posts for this topic. error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error

mandrei99

0

3165

Fri Dec 12, 2014 10:32 am

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 1 guest
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO