Hi all,
just a quick one:
Please let me know of this scenario is supported:
Two SRX345 in Chassis-Cluster + Switched Fabric (swfab).
Create VLAN and L3-IRB-Interface. (lets assume: VLAN:External and vlan-id 10 // and IRB unit 10 family inet address 10.10.10.1/24)
Configure the VLAN on multiple ports on Node0 and Node1.
(Lets assume: Node0 ge-0/0/5 and ge-0/0/6 and Node1 ge-5/0/5 and ge-5/0/6)
And then finally use this IRB as external-interface within ike-gateway.
USE STP for blocking these 3 of this 4 external Ports and make sure that only one /ge-0/0/5 prefered will be used for IPSEC-Termination.
Only in case of failure, the other ports should be chossen by stp for IPSEC_Termination.
Is this a supported feature or are there any known issues with SWFAB + IPSEC on IRB
Best regards, CHristoph.