Wired Intelligent Edge (Campus Switching and Routing)

New Contributor

MAS site to site VPN to Juniper SRX



I'm currently designing a setup where multiple MAS (S1500) will be deployed on remote sites acting as default gateway for the clients and access points (Instant) and provide the IPSEC tunnel to the centrally placed Juniper SRX. I'm running into some issues getting the tunnel up, I get phase 1 up but not phase 2. I'm trying to use IKEv2 with PSKs.


Has anyone built an IPSEC tunnel from a MAS to a Juniper device? Any tips would be helpful!


I'm running the latest firmware on my switch and the SRX is running JUNOS 12.1X45-D15.5.


Thank you,


New Contributor

Re: MAS site to site VPN to Juniper SRX

I'm bumping this. I've managed to get a little bit forward. I got the tunnel up using IKEv1 but on the Juniper side of the configuration I had an interface linked to the inside of the tunnel, which makes it a "route based VPN". I can't find anywhere in the MAS to give the inside of an IPSEC tunnel an IP address, is there such setting?


If not, we need to go for "policy based VPN" but as soon as I remove that interface linked to the inside on the juniper side of the tunnel, the tunnel goes down. 


Any advise would be helpful.

Search Airheads
Showing results for 
Search instead for 
Did you mean: