Author Topic: Some doubts on policy based vpns  (Read 3480 times)

chetan89

Some doubts on policy based vpns
« on: May 24, 2011, 12:41:27 pm »
(please answer in relation to Juniper devices)
In a policy based VPN, can we give source-address any, destination-address any, application any in a permit tunnel policy? If yes, will that give me 0/0 as proxy IDs?

Why can't we do NAT in a policy based VPN? If the proxy ID is the issue, we can change the proxy IDs manually; will NAT then work in a policy based VPN?

And finally, why do we enable routing protocols in route based VPNs? Can't we do it in policy based?

Thanks in advance

echo

Re: Some doubts on policy based vpns
« Reply #1 on: May 31, 2011, 07:58:51 am »
1. I think it can be done (haven't tried) and Proxy ID should be 0/0 in this case.
2. I haven't tried this either.
3. Well, you should route packets somehow, shouldn't you? Router is one name of the device :) You do it one way or the other. I don't "enable routing protocols", I just configure destination routes and NHTB-tables.
            echo.planet.ee