Juniper Netscreen L2L VPN with Public IP Addresses
Posted on 2013-05-20
I have a requirement to implement multiple VPN L2L tunnels to a number of different peers.
Some of the resources behind my side of the VPN will need to be accessed by several of the remote sites.
To avoid same-private-subnet issues, a number of the peers that I need to connect to insist on having public IP NATs applied to the hosts to be accessed on either side of the tunnel.
I can set this up with no issues on my Cisco ASA. I just set up the static NAT for each host that needs to be accessed over a tunnel and then apply whatever access rules are needed per tunnel in the interface and crypto ACLs.
This seems to be an issue, however, on the Juniper.
It seems that, on the Juniper, once a host has been NAT'd to a public IP and applied to a tunnel it cannot be applied to another tunnel. This means that those resources on my side of the VPN that need to be shared by multiple peers can only be accessed by one peer.
Is this correct? Is there no way around this?
If this is correct it would appear to be a fairly fundamental issue with regard to the functionality of this kit.
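For reference, here is an illustrative Cisco ASA configuration (8.4+ object NAT and IKEv1 syntax) of the approach the question describes. It is an added example, not taken from the original post or from the poster's own configuration: one internal host is statically NATed to a public address once, and that translated address is then referenced by two crypto ACLs, one per peer, so the same host is reachable over both tunnels. All addresses are from RFC 5737 documentation ranges and all object, ACL, map and tunnel-group names are assumed placeholders; the pre-shared keys are left as placeholders to fill in.

```cisco
! Added example (not from the original post); addresses are RFC 5737 documentation ranges.

! Internal host that several remote peers need to reach, translated once to a public IP.
object network SHARED_HOST
 host 10.10.10.25
 nat (inside,outside) static 203.0.113.25

! On ASA 8.3+, NAT is applied before the crypto map is consulted, so crypto ACLs
! reference the translated (public) address. The same host appears in both ACLs;
! nothing binds the static NAT to a single tunnel.
access-list VPN_PEER1 extended permit ip host 203.0.113.25 192.0.2.0 255.255.255.0
access-list VPN_PEER2 extended permit ip host 203.0.113.25 198.51.100.0 255.255.255.0

! Phase 1 / Phase 2 parameters shared by both peers (assumed values).
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac

! One crypto map on the outside interface, one sequence number per peer.
crypto map OUTSIDE_MAP 10 match address VPN_PEER1
crypto map OUTSIDE_MAP 10 set peer 192.0.2.1
crypto map OUTSIDE_MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP 20 match address VPN_PEER2
crypto map OUTSIDE_MAP 20 set peer 198.51.100.1
crypto map OUTSIDE_MAP 20 set ikev1 transform-set ESP-AES256-SHA
crypto map OUTSIDE_MAP interface outside
crypto ikev1 enable outside

! One L2L tunnel-group per peer, keyed by the peer's public address.
tunnel-group 192.0.2.1 type ipsec-l2l
tunnel-group 192.0.2.1 ipsec-attributes
 ikev1 pre-shared-key <peer1-psk>
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 ipsec-attributes
 ikev1 pre-shared-key <peer2-psk>

! Per-peer access rules on the outside interface. Interface ACLs on 8.3+ match the
! real (untranslated) inside address. sysopt connection permit-vpn must be disabled
! for decrypted VPN traffic to be subject to this ACL at all.
no sysopt connection permit-vpn
access-list OUTSIDE_IN extended permit tcp 192.0.2.0 255.255.255.0 host 10.10.10.25 eq 443
access-list OUTSIDE_IN extended permit tcp 198.51.100.0 255.255.255.0 host 10.10.10.25 eq 22
access-group OUTSIDE_IN in interface outside
```

The two things worth checking on a real deployment are that the crypto ACLs use the post-NAT address (otherwise the proxy IDs offered in Phase 2 will not match what the peer expects) and that the interface ACL, not just the crypto ACL, restricts what each peer can reach, since a crypto ACL only selects traffic for encryption and does not itself deny anything on the decrypted side.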