Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Wed Dec 06, 2023 8:39 am

Message body:
Enter your message here, it may contain no more than 60000 characters. 

:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
Font colour
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.

Topic review - Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.
Author Message
Post subject: Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.  |  Post Posted: Tue Oct 29, 2013 11:25 am
Since there are not many scenarios when the HUB is behind NAT, I've created an article that describes situations when two spokes are behind NAT and only one has a static NAT.

Most of the hub-and-spoke ipsec VPN environments have the HUB configured with a public IP address, but sometimes the HUB is behind static NAT (all packets to a public IP address on the NAT device are forwarded to the Ipsec HUB SRX device and all packets from this box are source nated to the same public IP that never changes).

This is the same as having two spokes behind NAT and one of them having static NAT and a tunnel between the two is necessary. Below articles describes this situation and provides solution to make the static NAT spoke (or HUB) establish ipsec phase 1 with other spoke behind NAT.
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]