Wired Intelligent Edge

last person joined: 12 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

MAS site to site VPN to Juniper SRX

This thread has been viewed 1 times

  • 1.  MAS site to site VPN to Juniper SRX

    Posted Jan 20, 2014 06:35 PM

    Hi!

     

    I'm currently designing a setup where multiple MAS (S1500) will be deployed on remote sites acting as default gateway for the clients and access points (Instant) and provide the IPSEC tunnel to the centrally placed Juniper SRX. I'm running into some issues getting the tunnel up, I get phase 1 up but not phase 2. I'm trying to use IKEv2 with PSKs.

     

    Has anyone built an IPSEC tunnel from a MAS to a Juniper device? Any tips would be helpful!

     

    I'm running the latest 7.3.0.1 firmware on my switch and the SRX is running JUNOS 12.1X45-D15.5.

     

    Thank you,

    Will



  • 2.  RE: MAS site to site VPN to Juniper SRX

    Posted Jan 23, 2014 04:27 AM

    I'm bumping this. I've managed to get a little bit forward. I got the tunnel up using IKEv1 but on the Juniper side of the configuration I had an interface linked to the inside of the tunnel, which makes it a "route based VPN". I can't find anywhere in the MAS to give the inside of an IPSEC tunnel an IP address, is there such setting?

     

    If not, we need to go for "policy based VPN" but as soon as I remove that interface linked to the inside on the juniper side of the tunnel, the tunnel goes down. 

     

    Any advise would be helpful.