Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Can Route and Policy based VPNs be configured by using the same Phase1 gateway?

0

0

Article ID: KB26523 KB Last Updated: 08 Feb 2013Version: 1.0
Summary:
This article provides information about the possibility of configuring route and policy based VPNs by using the same Phase1 gateway.
Symptoms:
It is not possible to associate the same Phase 1 with multiple Phase 2’s, such that one or some Phase 2’s are configured with tunnel binding to be used as a Route based VPN and others are used with the Policy binding as a Policy Based VPN.
Cause:

Solution:
If you are planning to use the same Phase 1 gateway with multiple Phase 2’s, then either all the Phase 2’s should have tunnel binding or all the Phase 2’s should have with Policy binding.

Assume that you have configured a VPN gateway (Phase 1), created the Phase 2 (VPN1), and binded it to a tunnel interface. Now, if you want to create a new Phase 2 (VPN2) by using the same Phase1 Gateway, so as to bind it to a VPN policy:



When you try to bind Phase2 in the VPN policy, the following error message is generated:



Similarly, if you have configured a VPN gateway (Phase 1), created the Phase 2 (VPN1), and use it as a policy based VPN configuration. Now, if you want to create a new Phase 2 (VPN2) by using the same Phase1 gateway, so as to bind it to a tunnel interface to use it as a route based VPN; the following error message will be generated when you try to bind the tunnel interface to VPN phase 2:



So. it is recommended, when using a single Phase1and multiple Phase 2’s, to ensure that all are configured as either policy based or route based.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search