Solved

Juniper SSG5 multiple vpn tunnels

Posted on 2013-05-21
4
1,393 Views
Last Modified: 2013-05-22
I have a juniper SSG5 that creates a VPN tunnel to our firewall at our parent location. as a contingency I would like to be able to reach a second location if the current parent location is demolished during a act of nature. we use a crypto key pair to connect the tunnel from SSG5 to firewall. What do you guys suggest is the easiest route to take to setup a dual connection as such?
0
Comment
Question by:AlfonsoPina
  • 2
  • 2
4 Comments
 
LVL 18

Assisted Solution

by:Sanga Collins
Sanga Collins earned 500 total points
Comment Utility
On the SSG5 you can create multiple VPN tunnels to multiple locations. Or you can use a hub/spoke topology to connect a single VPN tunnel to multiple locations. The juniper will then use Next hop tunnel binding (NHTB) to route traffic through the correct tunnel.

I use this setup to connect about 30 remote sites to 3 VPN tunnels in my office. I have 10 remote sites per VPN just so that I can organize them by region. I could just as easily connect 30 remote sites to 1 VPN tunnel.
0
 

Author Comment

by:AlfonsoPina
Comment Utility
well, that sounds like a good plan. I would want my juniper to point to my primary at all costs and then only if my primary location is wiped, connect to my backup (there is a significant reason for this.) I'll look at what you just said and try it.
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 500 total points
Comment Utility
That can be accomplished as well. At remote sites where I have primary & secondary ISP, what I do is take advantage of route metrics. This is basically creating 2 identical routes with different metric value. (the higher the metric, the lower the priority)

When route 1 becomes inactive due to VPN tunnel.1 going down. Route 2 with the higher metric then takes its place forcing traffic though VPN tunnel.2

When VPN tunnel.1 comes back online. Its route is reactivated. Since it has a lower metric route2 then becomes inactive.
0
 

Author Closing Comment

by:AlfonsoPina
Comment Utility
Ok, I have passed this data along to our firewall team. I think we are going to rock on!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now