Andy,

Assuming you have your own IP space, you put a public address on the loopback. Whichever member is active for lo0 will handle the IPSEC, if I recall.
There are some Juniper docs on the details. ST0 will always be on whichever node is primary.

Thanks,
Morgan

On Mon, May 5, 2014 at 5:37 PM, Andrew Jones <[email protected]> wrote:

> You don't need to do anything special to make the st0 interface redundant,
> it will always run on the active node.
>
> On 06.05.2014 08:38, Andy Litzinger wrote:
>
>> Hi Morgan,
>>
>> I presume that with regards to the loopback you are referring to the
>> external interface I use as my IPSec peer toward Amazon?
>>
>> What about the internal logical st interface that I need to create in order
>> to route my internal traffic into the tunnel? How do I make that redundant?
>>
>> thanks!
>> -andy
>>
>> On Mon, May 5, 2014 at 3:30 PM, Morgan McLean <[email protected]> wrote:
>>
>>> Use your loopback and put that in a reth.
>>>
>>> Thanks,
>>> Morgan
>>>
>>> On Mon, May 5, 2014 at 3:23 PM, Andy Litzinger <[email protected]> wrote:
>>>
>>>> Hi All,
>>>> Two related questions. I have a pair of SRX 3400s in an Active/Passive
>>>> cluster. They rely on an external gateway for internet access (i.e. my
>>>> ISPs don't terminate on the SRXs). I am setting up redundant tunnels to an
>>>> AWS VPC. Amazon has an example for J-Series
>>>> (http://docs.aws.amazon.com/AmazonVPC/latest/NetworkAdminGuide/Juniper.html),
>>>> but I don't think it's for a cluster set-up.
>>>>
>>>> Here are my questions:
>>>>
>>>> 1 - If I want to set up a redundant secure tunnel interface (e.g. st0),
>>>> should I bind it to an reth interface?
>>>>
>>>> 2 - Has anyone connected an Active/Passive SRX cluster to an AWS VPC? Any
>>>> tips or tricks you care to share?
>>>>
>>>> regards,
>>>> -andy
>>>> _______________________________________________
>>>> juniper-nsp mailing list [email protected]
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp

