We will look at the differences
- First, a tunnel interface means exactly that: you have a tunnel interface and will need a route or a routing protocol to send traffic over it.
- This is the classic Junos route-based type
- the proxy-id will be a single 0.0.0.0/0 for src/dst subnets
A policy-based VPN will look similar to the following:
- The proxy-id would be whatever remote/local subnets that you define
- Your policy will initiate the IPsec tunnel; think of a Juniper policy-based VPN
In both cases, you still need a firewall policy to allow the traffic flow.
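A simplified model of the two modes, added here as an illustration and not vendor configuration or code from the original post. The subnets, the interface names `tun0` and `wan1`, and all function names are constructed for the example.

```python
import ipaddress as ip

ANY = ip.ip_network("0.0.0.0/0")

def matches(pair, src, dst):
    """True when src/dst fall inside a (local subnet, remote subnet) pair."""
    local, remote = pair
    return ip.ip_address(src) in local and ip.ip_address(dst) in remote

def egress(routes, dst):
    """Longest-prefix route lookup; returns the outgoing interface or None."""
    hits = [(net, dev) for net, dev in routes if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route_based(routes, fw_policies, src, dst, tunnel_if="tun0"):
    """Routing selects the tunnel; the proxy-id is 0.0.0.0/0 in both directions."""
    if egress(routes, dst) != tunnel_if:
        return "not routed into tunnel"
    if not any(matches(p, src, dst) for p in fw_policies):
        return "denied by firewall policy"
    # With an any/any proxy-id, every routed and permitted flow fits the SA.
    return "encrypted" if matches((ANY, ANY), src, dst) else "outside proxy-id"

def policy_based(ipsec_policies, src, dst):
    """The matching policy permits the flow and its subnets are the proxy-id."""
    if any(matches(p, src, dst) for p in ipsec_policies):
        return "encrypted"
    return "no matching policy, tunnel not used"

# Constructed sample topology (hypothetical addresses and interface names).
LOCAL = ip.ip_network("10.1.0.0/16")
SITE_B = ip.ip_network("10.2.0.0/16")
SITE_C = ip.ip_network("10.3.0.0/16")
ROUTES = [(ANY, "wan1"), (SITE_B, "tun0"), (SITE_C, "tun0")]
FW_POLICIES = [(LOCAL, SITE_B)]     # route-based: permits traffic only
IPSEC_POLICIES = [(LOCAL, SITE_B)]  # policy-based: permits and defines proxy-id

if __name__ == "__main__":
    for dst in ("10.2.0.9", "10.3.0.9", "8.8.8.8"):
        print(dst, "| route-based:", route_based(ROUTES, FW_POLICIES, "10.1.5.5", dst),
              "| policy-based:", policy_based(IPSEC_POLICIES, "10.1.5.5", dst))
```

In the route-based case, reaching a second remote subnet takes only a route and a firewall policy because the proxy-id already covers it; in the policy-based case the new subnet pair has to be defined in the policy itself.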