Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Juniper SSG5 multiple vpn tunnels

Posted on 2013-05-21
Medium Priority
Last Modified: 2013-05-22
I have a juniper SSG5 that creates a VPN tunnel to our firewall at our parent location. as a contingency I would like to be able to reach a second location if the current parent location is demolished during a act of nature. we use a crypto key pair to connect the tunnel from SSG5 to firewall. What do you guys suggest is the easiest route to take to setup a dual connection as such?
Question by:AlfonsoPina
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 2000 total points
ID: 39185575
On the SSG5 you can create multiple VPN tunnels to multiple locations. Or you can use a hub/spoke topology to connect a single VPN tunnel to multiple locations. The juniper will then use Next hop tunnel binding (NHTB) to route traffic through the correct tunnel.

I use this setup to connect about 30 remote sites to 3 VPN tunnels in my office. I have 10 remote sites per VPN just so that I can organize them by region. I could just as easily connect 30 remote sites to 1 VPN tunnel.

Author Comment

ID: 39185611
well, that sounds like a good plan. I would want my juniper to point to my primary at all costs and then only if my primary location is wiped, connect to my backup (there is a significant reason for this.) I'll look at what you just said and try it.
LVL 18

Accepted Solution

Sanga Collins earned 2000 total points
ID: 39185671
That can be accomplished as well. At remote sites where I have primary & secondary ISP, what I do is take advantage of route metrics. This is basically creating 2 identical routes with different metric value. (the higher the metric, the lower the priority)

When route 1 becomes inactive due to VPN tunnel.1 going down. Route 2 with the higher metric then takes its place forcing traffic though VPN tunnel.2

When VPN tunnel.1 comes back online. Its route is reactivated. Since it has a lower metric route2 then becomes inactive.

Author Closing Comment

ID: 39189275
Ok, I have passed this data along to our firewall team. I think we are going to rock on!

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question