01-20-2014 03:34 PM
I'm currently designing a setup where multiple MAS (S1500) will be deployed on remote sites acting as default gateway for the clients and access points (Instant) and provide the IPSEC tunnel to the centrally placed Juniper SRX. I'm running into some issues getting the tunnel up, I get phase 1 up but not phase 2. I'm trying to use IKEv2 with PSKs.
Has anyone built an IPSEC tunnel from a MAS to a Juniper device? Any tips would be helpful!
I'm running the latest 188.8.131.52 firmware on my switch and the SRX is running JUNOS 12.1X45-D15.5.
01-23-2014 01:26 AM
I'm bumping this. I've managed to get a little bit forward. I got the tunnel up using IKEv1 but on the Juniper side of the configuration I had an interface linked to the inside of the tunnel, which makes it a "route based VPN". I can't find anywhere in the MAS to give the inside of an IPSEC tunnel an IP address, is there such setting?
If not, we need to go for "policy based VPN" but as soon as I remove that interface linked to the inside on the juniper side of the tunnel, the tunnel goes down.
Any advise would be helpful.