Thursday, January 17, 2019

Learning JunOS - Juniper to Cisco S2S IPSec VPN

Hi all,

I've been given the task of setting up some SRX300s in multiple remote sites to replace Cisco 891s. I've only ever worked with Cisco gear before, and I've spent the last week reading the Day One books Juniper offers and experimenting with some EX2300s.

I'll be setting up S2S VPNs between every office in a mesh, from the SRX300s to an ASA5512-X. I've been bouncing between Juniper Day One material, KBs, and J-Web to learn the syntax and commands.

I'm a little stumped on the st0 (secure tunnel) interfaces that Juniper uses. They seem to be configured as a normal L3 logical interface and require an IP address. Traffic destined for the tunnel is then routed to this IP and interface.

In comparison, for Cisco you just map the VPN to the external interface/public IP, no special/separate VPN interface required. The tunnel is recognized as the destination when the route table is checked.

My question(s):

If I'm setting up multiple S2S VPNs with different destination "address books", do I need to configure multiple st0.* interfaces, each with its own IP address? Can I use the same interface, e.g. st0.0, for all VPNs?

Lastly, any insight into why it's required to be this way, i.e. why a separate L3 interface is required?

I'm brand new to Junos so I apologize ahead of time for any mistakes or misunderstanding on my part. Appreciate any insight!
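As an added illustration of the st0 model the post describes (this is constructed example configuration, not from the original post or from Juniper), here is a Junos set-style configuration for two route-based tunnels on an SRX: one peer bound to st0.0 and a second peer bound to st0.1, with the remote subnets routed over the respective tunnel unit. Every address, zone name, gateway name and the pre-shared-key placeholder is an assumption; the ASA side is not shown.

```junos
# --- Secure tunnel interfaces: one logical unit per route-based VPN ---
# The /30 addresses are constructed; they only need to be unique per unit
# and are never advertised to the peer.
set interfaces st0 unit 0 family inet address 10.255.0.1/30
set interfaces st0 unit 1 family inet address 10.255.0.5/30

# --- Put the tunnel units in their own zone so tunnel traffic is policed
# by explicit security policies rather than bypassing inspection ---
set security zones security-zone vpn interfaces st0.0
set security zones security-zone vpn interfaces st0.1

# --- IKE (phase 1) must be accepted on the public-facing interface's zone ---
set security zones security-zone untrust host-inbound-traffic system-services ike

# --- Phase 1 policy shared by both peers ---
set security ike policy ike-pol mode main
set security ike policy ike-pol proposal-set standard
# Placeholder only; replace with a strong, per-site key (or certificates).
set security ike policy ike-pol pre-shared-key ascii-text "REPLACE-WITH-STRONG-KEY"

# --- Phase 1 gateways (peer addresses are constructed) ---
set security ike gateway gw-hq ike-policy ike-pol
set security ike gateway gw-hq address 203.0.113.10
set security ike gateway gw-hq external-interface ge-0/0/0.0
set security ike gateway gw-hq dead-peer-detection interval 10
set security ike gateway gw-hq dead-peer-detection threshold 3

set security ike gateway gw-branch2 ike-policy ike-pol
set security ike gateway gw-branch2 address 198.51.100.20
set security ike gateway gw-branch2 external-interface ge-0/0/0.0
set security ike gateway gw-branch2 dead-peer-detection interval 10
set security ike gateway gw-branch2 dead-peer-detection threshold 3

# --- Phase 2 policy ---
set security ipsec policy ipsec-pol proposal-set standard

# --- Each VPN binds to exactly one st0 unit ---
set security ipsec vpn vpn-hq bind-interface st0.0
set security ipsec vpn vpn-hq ike gateway gw-hq
set security ipsec vpn vpn-hq ike ipsec-policy ipsec-pol
# Traffic selectors provide the proxy IDs a policy-based peer (such as an ASA
# crypto map) expects; local/remote subnets are constructed.
set security ipsec vpn vpn-hq traffic-selector ts-hq local-ip 192.168.20.0/24 remote-ip 192.168.10.0/24
set security ipsec vpn vpn-hq establish-tunnels immediately

set security ipsec vpn vpn-branch2 bind-interface st0.1
set security ipsec vpn vpn-branch2 ike gateway gw-branch2
set security ipsec vpn vpn-branch2 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-branch2 traffic-selector ts-b2 local-ip 192.168.20.0/24 remote-ip 192.168.30.0/24
set security ipsec vpn vpn-branch2 establish-tunnels immediately

# --- Routing decides which tunnel a packet takes: point the remote subnet
# at the st0 unit, not at the peer's public IP ---
set routing-options static route 192.168.10.0/24 next-hop st0.0
set routing-options static route 192.168.30.0/24 next-hop st0.1

# --- Explicit policies between the inside zone and the vpn zone; narrow
# these to the real subnets/applications rather than leaving "any" ---
set security policies from-zone trust to-zone vpn policy trust-to-vpn match source-address any
set security policies from-zone trust to-zone vpn policy trust-to-vpn match destination-address any
set security policies from-zone trust to-zone vpn policy trust-to-vpn match application any
set security policies from-zone trust to-zone vpn policy trust-to-vpn then permit
set security policies from-zone vpn to-zone trust policy vpn-to-trust match source-address any
set security policies from-zone vpn to-zone trust policy vpn-to-trust match destination-address any
set security policies from-zone vpn to-zone trust policy vpn-to-trust match application any
set security policies from-zone vpn to-zone trust policy vpn-to-trust then permit
```

Useful checks after commit: `show security ike security-associations` and `show security ipsec security-associations` confirm phase 1 and phase 2 are up per gateway, and `show route 192.168.10.0/24` should resolve to st0.0. In this route-based model the st0 unit is the object a policy can be attached to and the route table points at, which is why each tunnel gets its own unit with its own address; a single st0 unit can serve several peers only when it is configured as `multipoint` with next-hop tunnel binding, which is a different design from the one above.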
