to define additional subnet for site2site vpn

getruegetrue Registered Users Posts: 4 ■□□□□□□□□□
Hello, I setupped site2site vpn connection for one local_subnet. how can I add second local_subnet to this vpn connection. icon_redface.gif

Comments

  • MstavridisMstavridis Member Posts: 107
    Huh? You need to describe your current network and then give us more detail on what you are trying to accomplish, I would love to help but I don't know what exactly your trying to accomplish.
  • getruegetrue Registered Users Posts: 4 ■□□□□□□□□□
    picture

    How can I add second subnet to the vpn tunnel. Our vpn is route-based vpn or policy-based vpn? How can I understand?

    Thanks
  • terenteren Member Posts: 30 ■■□□□□□□□□
    Depends on if this was setup as a route or policy based VPN, as mentioned if you can provide more details I'm sure we can help. Thanks!
  • MrBishopMrBishop Member Posts: 229
    /30 will give you 2 available addresses per subnet so your subnets will look like
    10.1.1.0 to 10.1.1.3
    10.1.1.4 to 10.1.1.7
    10.1.1.8 to 10.1.1.11
    10.1.1.12 to 10.1.1.15

    and so on
    Degrees
    M.S. Internet Engineering | M.S. Information Assurance
    B.S. Information Technology | A.A.S Information Technology
    Certificaions
    Currently pursuing: CCIE R&Sv5
  • terenteren Member Posts: 30 ■■□□□□□□□□
    Ah ScreenOS.....well I'm going to make the assumption that this is a policy based VPN to a non JUNOS/ScreenOS device. Therefore, you'll basically need to duplicate everything you see on that screen except change the proxy ID to what the second subnet is and then add the corresponding policy for that subnet to point to that new VPN you're creating.

    Or, if you upgrade to ScreenOS 6.3, you can use this feature Juniper Networks - Function of a new feature "Multiple Proxy ID support on a Route-Based VPN" (Supported started with ScreenOS 6.3) - Knowledge Base
  • getruegetrue Registered Users Posts: 4 ■□□□□□□□□□
    thanks for your answers. special thanks to teren. We upgraded firmware and ran below command.
    SSG140-> set ike policy-checking
Sign In or Register to comment.