Some doubts on policy-based VPNs



  • (Please answer in relation to Juniper devices.)
    In a policy-based VPN, can we give source-address any, destination-address any, application any in the permit tunnel policy? If yes, will that give me 0/0 as proxy IDs?

    Why can’t we do NAT in a policy-based VPN? If the proxy ID is the issue, we can change the proxy IDs manually; will NAT then work in a policy-based VPN?

    And finally, why do we enable routing protocols in route-based VPNs? Can’t we do it in policy-based?

    Thanks in advance



  • 1. I think it can be done (haven’t tried) and Proxy ID should be 0/0 in this case.
    2. I haven’t tried this either.
    3. Well, you should route packets somehow, shouldn’t you? Router is one name of the device 🙂 You do it one way or the other. I don’t “enable routing protocols”, I just configure destination routes and NHTB tables.


 
