Alternative solution. Keep doing route based tunnels, but use traffic selectors. I use it to have the remote end doing policy based ipsec (old cisco cpe as an example) while keeping the SRX as a route (st interface) based ipsec implementation.
https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-traffic-selectors-in-route-based-vpns.html On Thu, 9 May 2019 at 06:19, Lenny Shovsky <[email protected]> wrote: > Wondering how to get ping to work directly from SRX across ipsec policy > tunnels. > > Have no issues dong it with route based tunnels, simply using lo0 with > tunneled subnet address and default-address-selection option, but can't > make it work with policy tunnels. > > Long term goal is to get vpn-monitor option to work. > > Thanks in advance for all your feedback ! > _______________________________________________ > juniper-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Regards, Craig Askings io Networks ion consulting Pty Ltd. mobile: 0404 019365 phone: 1300 1 2 4 8 16 No Holidays scheduled _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
