Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.
Page 1 of 1

Author:  mandrei99 [ Tue Oct 29, 2013 11:25 am ]
Post subject:  Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

Since there are not many scenarios when the HUB is behind NAT, I've created an article that describes situations when two spokes are behind NAT and only one has a static NAT.

Most of the hub-and-spoke ipsec VPN environments have the HUB configured with a public IP address, but sometimes the HUB is behind static NAT (all packets to a public IP address on the NAT device are forwarded to the Ipsec HUB SRX device and all packets from this box are source nated to the same public IP that never changes).

This is the same as having two spokes behind NAT and one of them having static NAT and a tunnel between the two is necessary. Below articles describes this situation and provides solution to make the static NAT spoke (or HUB) establish ipsec phase 1 with other spoke behind NAT.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group