Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1439
  • Last Modified:

Juniper SSG5 multiple vpn tunnels

I have a juniper SSG5 that creates a VPN tunnel to our firewall at our parent location. as a contingency I would like to be able to reach a second location if the current parent location is demolished during a act of nature. we use a crypto key pair to connect the tunnel from SSG5 to firewall. What do you guys suggest is the easiest route to take to setup a dual connection as such?
0
AlfonsoPina
Asked:
AlfonsoPina
  • 2
  • 2
2 Solutions
 
Sanga CollinsSystems AdminCommented:
On the SSG5 you can create multiple VPN tunnels to multiple locations. Or you can use a hub/spoke topology to connect a single VPN tunnel to multiple locations. The juniper will then use Next hop tunnel binding (NHTB) to route traffic through the correct tunnel.

I use this setup to connect about 30 remote sites to 3 VPN tunnels in my office. I have 10 remote sites per VPN just so that I can organize them by region. I could just as easily connect 30 remote sites to 1 VPN tunnel.
0
 
AlfonsoPinaSr. Systems AdministratorAuthor Commented:
well, that sounds like a good plan. I would want my juniper to point to my primary at all costs and then only if my primary location is wiped, connect to my backup (there is a significant reason for this.) I'll look at what you just said and try it.
0
 
Sanga CollinsSystems AdminCommented:
That can be accomplished as well. At remote sites where I have primary & secondary ISP, what I do is take advantage of route metrics. This is basically creating 2 identical routes with different metric value. (the higher the metric, the lower the priority)

When route 1 becomes inactive due to VPN tunnel.1 going down. Route 2 with the higher metric then takes its place forcing traffic though VPN tunnel.2

When VPN tunnel.1 comes back online. Its route is reactivated. Since it has a lower metric route2 then becomes inactive.
0
 
AlfonsoPinaSr. Systems AdministratorAuthor Commented:
Ok, I have passed this data along to our firewall team. I think we are going to rock on!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now