to define additional subnet for site2site vpn

Hello, I setupped site2site vpn connection for one local_subnet. how can I add second local_subnet to this vpn connection.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Mstavridis

Huh? You need to describe your current network and then give us more detail on what you are trying to accomplish, I would love to help but I don't know what exactly your trying to accomplish.

getrue

picture

How can I add second subnet to the vpn tunnel. Our vpn is route-based vpn or policy-based vpn? How can I understand?

Thanks

teren

Depends on if this was setup as a route or policy based VPN, as mentioned if you can provide more details I'm sure we can help. Thanks!

MrBishop

/30 will give you 2 available addresses per subnet so your subnets will look like
10.1.1.0 to 10.1.1.3
10.1.1.4 to 10.1.1.7
10.1.1.8 to 10.1.1.11
10.1.1.12 to 10.1.1.15

and so on

teren

Ah ScreenOS.....well I'm going to make the assumption that this is a policy based VPN to a non JUNOS/ScreenOS device. Therefore, you'll basically need to duplicate everything you see on that screen except change the proxy ID to what the second subnet is and then add the corresponding policy for that subnet to point to that new VPN you're creating.

Or, if you upgrade to ScreenOS 6.3, you can use this feature Juniper Networks - Function of a new feature "Multiple Proxy ID support on a Route-Based VPN" (Supported started with ScreenOS 6.3) - Knowledge Base

getrue

thanks for your answers. special thanks to teren. We upgraded firmware and ran below command.
SSG140-> set ike policy-checking