07.23.2008 at 03:26AM PDT, ID: 23587927 | Points: 500

What is best practice when creating a tunnel-interface for IPSec purposes on a Juniper security device?

Asked by NordCap in Networking Hardware, Virtual Private Networking (VPN), Network Software Firewalls

Hello,

In ScreenOS I've discovered that there are multiple ways of creating and using tunnel interfaces together with IPSec:
1) set interface tun.1 ip unnumbered interface eth0/0 (on both sides of the tunnel)
2) set interface tun.1 ip 0.0.0.0/0 (on both sides of the tunnel)

Both of these methods work; however, with method 2 you can connect to the IP of the remote eth0/0-interface, something that doesn't seem to be possible with method 1. Yet method 2 hasn't been mentioned in a single Juniper-book I've come across. Might there be a reason for this? Might method 2 even be bad practice for some reason?

Also, what reasons are there why one should or shouldn't use a single tunnel-interface with multiple NHTB-entries?

Thanks in advance!

Yours faithfully,
Tanel