Route Based VPN



  • Hello, I have a problem. Can someone help? Thanks.

    My network 10.2.0.0/20  Juniper A
    My network 10.1.0.0/20  Juniper B
    Mailserver1 10.2.1.247 (Juniper A)
    MailServer2 10.1.1.247 (Juniper B)

    Juniper A
     eth 0/0 = trust 10.2.1.254/20
     eth 0/1 = untrust WANIP / VPN interface (Metro)
     eth 0/2 = lease line

    Route-based VPN between Juniper A and Juniper B
    AutoKey and Gateway are defined
    VPN bind to tunnel01 unnumbered eth0/1 (for backup)
    Destination Route 0.0.0.0/0 eth0/1 metric 1
    Destination Route 10.2.0.0/20 tunnel01 metric 1

    My mail server is behind Juniper A.
    Mail server IP address is 10.2.1.247. On Juniper A: Source Route 10.2.1.247/32 eth0/2 metric 1 (lease line). It is going to the internet on eth0/2.
    The VPN is defined on eth0/1.

    Problem
    Mail server1 doesn't ping MailServer2 behind Juniper B because of the source route 10.2.1.247.

    How can I resolve the problem?
    Or any idea for VPN backup?



  • I don’t have an error. Below is the source route table:

    • 10.2.2.0/24 88.246.2.1 ethernet3/0 S  12 Root   
        10.2.2.0/24 88.246.2.1 ethernet3/1 S  13 Root

    • 10.2.3.0/24 88.246.2.1 ethernet3/1 S  14 Root   
        10.2.3.0/24 88.246.2.1 ethernet3/0 S  15 Root

    • 10.2.4.0/25 88.246.2.1 ethernet3/1 S  16 Root   
        10.2.4.0/25 88.246.2.1 ethernet3/0 S  17 Root

    • 10.2.4.128/25 88.246.2.1 ethernet3/0 S  18 Root   
        10.2.4.128/25 88.246.2.1 ethernet3/1 S  19 Root

    • 10.2.10.0/24 88.246.2.1 ethernet3/1 S  20 Root

    • 10.2.0.247/32 213.243.4.161 ethernet0/3 S 20 1 Root          eth0/3 lease line
        10.2.0.247/32 212.156.51.45 ethernet0/1 S 20 2 Root          eth0/1 vpn interface (remote network 10.1.0.0/24)

    10.2.10.0/24 85.105.160.1 ethernet3/0 S 20 21 Root

    • 10.3.0.0/24 85.105.160.1 ethernet3/0 S 20 22 Root   
        10.3.0.0/24 88.247.188.1 ethernet3/1 S 20 23 Root

    Main mail server IP: 10.2.0.247
    Remote mail server IP: 10.1.0.247

    It doesn't ping the remote mail server. When I remove the source route, everything is OK. But I want to use eth0/3 for the main server.
    I hope that describes it 🙂

    Thanks for your reply.

    Destination route table:

    • 10.2.0.0/20  ethernet0/0 C    Root    -
    • 10.2.1.254/32  ethernet0/0 H    Root    -
    • 212.156.51.44/30  ethernet0/1 C    Root    -
    • 212.156.51.46/32  ethernet0/1 H    Root    -
    • 92.45.31.200/32  ethernet0/2 C    Root    -
    • 92.45.31.200/32  ethernet0/2 H    Root    -
    • 213.243.4.160/28  ethernet0/3 C    Root    -
    • 213.243.4.163/32  ethernet0/3 H    Root    -
    • 85.105.160.54/32  ethernet3/0 C    Root    -
    • 85.105.160.54/32  ethernet3/0 H    Root    -
    • 88.247.190.212/32  ethernet3/1 C    Root    -
    • 88.247.190.212/32  ethernet3/1 H    Root    -
    • 10.3.0.0/24  ethernet3/5 C    Root    -
    • 10.3.0.254/32  ethernet3/5 H    Root    -
        10.0.0.0/30  shdsl5/0 C    Root    -
    • 10.0.0.2/32  shdsl5/0 H    Root    -
    • 0.0.0.0/0 212.156.51.45 ethernet0/1 S  21 Root    Remove
    • 10.1.1.88/32  tunnel.100 S 20 2 Root    Remove
    • 10.1.1.89/32  tunnel.100 S 20 2 Root    Remove
    • 192.168.13.0/24  tunnel.300 S 1 1 Root    Remove
        192.168.13.0/24  tunnel.299 S 2 1 Root    Remove
        0.0.0.0/0 92.44.0.16 ethernet0/2 C  25 Root    -
        0.0.0.0/0 88.247.188.1 ethernet3/1 C  24 Root    -
        0.0.0.0/0 85.105.160.1 ethernet3/0 C  23 Root    -


  • What is the error message from the logs on both of your firewalls?

    You need to check if VPN traffic is going to the designated tunnel interface ( get route ip (remote subnet for vpn) ).

    You can paste it here so we can check…

    winters…

