Urgent doubt - different source IP of my network

  • Hello Sirs.

    I have only worked with Juniper for a short time and have a fairly urgent doubt.

    I have configured my network in the following configuration:

    Trust - Trust-vr - eth01 -

    All computers on my network use the settings above.

    and two WAN interfaces on Untrust - untrust-vr.

    I have a partner who must close a VPN. This partner uses a Cisco ASA and he only accepts closing the VPN if the source IP is:

    How can I close with VPN proxy ID being my network works

    I need to configure my proxy ID as source IP, but as my network will communicate over the VPN is that all computers on the network are 172.28? 😞


  • I just noticed that I swapped the 2 networks that you mentioned. Obviously you just need to do the opposite of what I said, IP address-wise 😉

  • Hi there

    I would make the network as a loopback interface in the SSG putting it in the trust zone.

    I would then MIP the whole address block to via the interface configuration.

    I would then make a policy-based (route-based would probably do it too) VPN from the MIP object towards the remote network (and vice versa if the tunnel is bidirectional).

    I would then manually put the proxy ID (remote, local and protocol) into the auto IKE phase 2 configuration.

    This should do the trick.
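
The address logic behind the reply above, as an added example that is not part of the original thread: a block-wide MIP maps each internal host 1:1 into the range the partner accepts, and the manually set proxy ID must mirror the peer's selectors exactly. All three networks are constructed placeholders (the thread does not give the real addresses), and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple

class ProxyID(NamedTuple):
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network
    service: str

def map_one_to_one(addr, src_net, dst_net):
    """Translate addr from src_net into dst_net, keeping the host offset,
    which is what a MIP defined over a whole address block does."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equally sized blocks")
    if addr not in src_net:
        raise ValueError(f"{addr} is outside {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)

def proxy_ids_agree(ours, peers):
    """Phase 2 selectors must mirror each other: our local is their remote."""
    return (ours.local == peers.remote
            and ours.remote == peers.local
            and ours.service == peers.service)

# Constructed placeholder networks, not values from the thread.
REAL_NET = ipaddress.ip_network("10.50.0.0/24")        # real internal LAN
MIP_NET = ipaddress.ip_network("192.0.2.0/24")         # range the partner accepts
PARTNER_NET = ipaddress.ip_network("198.51.100.0/24")  # partner's side

# What the partner's ASA would expect, seen from its own side.
PEER = ProxyID(local=PARTNER_NET, remote=MIP_NET, service="ANY")

def check():
    # Outbound: source is rewritten into the MIP range before encryption.
    outbound = map_one_to_one("10.50.0.37", REAL_NET, MIP_NET)
    # Inbound: replies to the MIP address are mapped back to the real host.
    inbound = map_one_to_one(outbound, MIP_NET, REAL_NET)
    # Proxy ID built from the MIP range matches; the real LAN range does not.
    with_mip = proxy_ids_agree(ProxyID(MIP_NET, PARTNER_NET, "ANY"), PEER)
    with_real = proxy_ids_agree(ProxyID(REAL_NET, PARTNER_NET, "ANY"), PEER)
    return outbound, inbound, with_mip, with_real

if __name__ == "__main__":
    print(check())
```

The equal-prefix check matters in practice: if the range the partner accepts is smaller than the internal LAN, a block-wide 1:1 mapping cannot cover every host.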