Route based VPN

  • Hello,

    I have an NS-208 firewall with one interface in the untrust zone (the interface has a real IP); the second interface is connected to the trust zone. This zone has two servers that need to connect to remote servers. We need to establish a site-to-site VPN using real IP addresses for these servers. Policy-based VPN didn't work for this case. What are the alternatives?

    local site ------------remote site
    server1(real IP)------->server 1(real IP)
    server2r(real IP)<------server2(real IP)


  • But our real IP range is reserved for other interfaces, so we can't assign a real IP to the tunnel and do src-nat or dst-nat.

  • Ok then try the route based VPN.

  • The remote device is also a Juniper firewall. Policy-based didn't work, as we need to do source and destination translation?

    1. What is the remote device with which you are making the VPN?
    2. Should not be an issue. When configuring the policy-based VPN, what was the policy you configured?
    3. Did phase 1 come up? If not, what errors did you receive in the log?
    4. Did phase 2 come up? If not, what errors did you receive in the log?