Urgent doubt - different source IP of my network



  • Hello Sirs.

    I have only been working with Juniper for a short time and have a rather urgent doubt.

    I have configured my network in the following configuration:

    Trust - Trust-vr - eth01 - 172.28.1.0/24

    All computers on my network use the settings above.

    and two WAN interfaces on Untrust - untrust-vr.

    I have a partner with whom I must establish a VPN. This partner uses a Cisco ASA and will only accept the VPN if the source IP is 10.1.1.0/24.

    How can I establish the VPN with proxy ID 10.1.1.0/24 when my network uses 172.28.1.0/24?

    I need to configure my proxy ID with source IP 10.1.1.0/24, but how will my network communicate over the VPN when all computers on the network are 172.28? 😞

    Thanks!



  • I just noticed that I swapped the two networks that you mentioned. Obviously you just need to do the opposite of what I said, IP address-wise 😉



  • Hi there

    I would make the 172.28.1.0/24 network a loopback interface in the SSG, putting it in the trust zone.

    I would then MIP the whole 10.1.1.0/24 address block to 172.28.1.0/24 via the interface configuration.

    I would then make a policy-based (route-based would probably do it too) VPN from the 172.28.1.0/24 MIP object towards the remote network (and vice versa if the tunnel is bidirectional).

    I would then manually put the proxy ID (remote, local and protocol) into the auto IKE phase 2 configuration.

    This should do the trick.


 
