Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Can the loopback interface be used to access dynamic VPN?



Article ID: KB26027 KB Last Updated: 05 Mar 2017Version: 2.0
The article provides information about the possibility of a SRX branch device using the loopback interfaces to access dynamic VPN.
The possibility of a SRX branch device using the loopback interfaces to access dynamic VPN.
  • When the httpServer daemon of SRX receives a request from a dynamic VPN client, the daemon checks the ingress interface of the packet.

  • If the ingress interface is on the dynamic VPN allow interface list, these packet are allowed and if the ingress interface is not in the list, httpServer displays an error.

  • When the loopback interface is set as an external interface of dynamic VPN, it will be on the list.

  • However, the actual ingress interface is not a loopback interface; but a physical interface. This is why the client displays an error.
Use a physical interface, instead of using the loopback interface; which is a logical interface. The loopback interface will not work for the dynamic VPN; as per design.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search