This is an extremely long-overdue post, but I wanted to add a follow-up to the old blogpost Route-based VPN with Multiple Source/Destination Networks to a 3rd Party Device. While the previous method still works, it still had some drawbacks:

• It required the use of ephemeral IP address, which can be a waste of IP space
• It only worked if there was one destination network, as Next-Hop Tunnel Bindings (NHTBs) did not address which source network traffic came from

Traffic selectors were introduced as feature starting in Junos 12.1X46-D10 (SRX200, SRX1400, and SRX3k series) and Junos 17.3R1 (SRX300, SRX1500, SRX4k, and SRX5k series) for IKEv1. IKEv2 support was added in Junos 15.1X49-D100, meaning this is only available for the SRX300, SRX1500, SRX4k, and SRX5k series.

(more…)

I have seen this question several times on the Juniper Forums, so I decided to post a quick write up on how to build a route-based VPN to a 3rd party device, such as a Cisco ASA, with multiple subnets on each side. The answer is more straightforward than you think.

(more…)