
[SRX] How to determine if the IPsec IKE Gateway is configured for the correct outgoing interface


Article ID: KB10121 | KB Last Updated: 18 Dec 2020 | Version: 7.0
Summary:
 

This article explains how to verify whether the configured VPN egress interface matches the expected outgoing interface.

 

Solution:
 

To ensure that the outgoing VPN interface configured in phase 1 matches the expected egress interface, perform the following steps:

  1. Locate the currently configured IKE external-interface.
root@CORPORATE# show security ike
policy ike_pol {
    mode main;
    proposal-set compatible;
    pre-shared-key ascii-text "$ABC123"; ## SECRET-DATA
}
gateway gw_srx1 {
    ike-policy ike_pol;
    address 2.2.2.2;
    external-interface ge-0/0/0;
}
  2. Locate the expected egress interface based on the route to the peer gateway.

root@CORPORATE> show route 2.2.2.2

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.2/32         *[Static/5] 00:01:11
                    > to 1.1.1.1 via ge-0/0/8.0
  3. Do the interfaces found in Step 1 and Step 2 match?

  • Yes - No changes are necessary.

  • No - If the VPN external-interface in Step 1 is using a loopback interface, no changes are necessary. Otherwise, edit the IKE gateway external-interface to reflect the egress interface towards the peer found in Step 2.
root@CORPORATE# set security ike gateway gw_srx1 external-interface ge-0/0/8
root@CORPORATE# commit
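
The comparison in Steps 1 to 3 can also be scripted against saved CLI output. The following is an added example, not part of the original article or a Juniper tool; the function names are hypothetical, the sample text is constructed from the outputs above, and it assumes an interface name without a logical unit refers to unit 0.

```python
import re
# Constructed sample input, shaped like the outputs in Steps 1 and 2.
IKE_CONFIG = """\
gateway gw_srx1 {
    ike-policy ike_pol;
    address 2.2.2.2;
    external-interface ge-0/0/0;
}
"""
ROUTE_OUTPUT = """\
2.2.2.2/32         *[Static/5] 00:01:11
                    > to 1.1.1.1 via ge-0/0/8.0
"""

def parse_gateways(config):
    """Return {gateway: {'address': ..., 'external-interface': ...}}."""
    gateways, current, depth = {}, None, 0
    for line in map(str.strip, config.splitlines()):
        start = re.match(r"gateway\s+(\S+)\s*\{$", line)
        if current is None:
            if start:
                current, depth = start.group(1), 1
            continue
        depth += line.count("{") - line.count("}")
        kv = re.match(r"(address|external-interface)\s+(\S+);", line)
        if kv and depth == 1:  # ignore keys inside nested stanzas
            gateways.setdefault(current, {})[kv.group(1)] = kv.group(2)
        if depth == 0:
            current = None
    return gateways

def selected_egress(route_output):
    """Interface on the selected next-hop line (marked '>'), or None."""
    m = re.search(r"^\s*>\s.*\bvia\s+(\S+)", route_output, re.M)
    return m.group(1) if m else None

def with_unit(ifname):
    # Assumption: a name without a logical unit means unit 0.
    return ifname if "." in ifname else ifname + ".0"

def check_gateway(name, config, route_output):
    """Step 3 verdict: 'match', 'loopback', 'mismatch' or 'unknown'."""
    ext = parse_gateways(config).get(name, {}).get("external-interface")
    egress = selected_egress(route_output)
    if ext is None or egress is None:
        return "unknown"
    if ext.startswith("lo"):  # loopback external-interface needs no change
        return "loopback"
    return "match" if with_unit(ext) == with_unit(egress) else "mismatch"
```

With the sample above, check_gateway("gw_srx1", IKE_CONFIG, ROUTE_OUTPUT) reports a mismatch, which is the case that Step 3 corrects with the set command.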

 

Modification History:
 
  • 2020-12-18: Removed J-Web instructions and made minor other modifications; article valid and accurate

  • 2020-02-25: Minor, non-technical edits.

 
