Channel: SRX Services Gateway topics

Site to site VPN routing problem


I have two SRX240 devices and a VPN tunnel between the offices.
MAIN office: internet static IP, LAN public IP 193.168.135.1/25.
REMOTE office: internet dynamic IP, LAN public IP 193.168.135.129/27.
(Public C-class IP.)

 

The VPN tunnel seems to be working between the offices.

But I have some kind of routing problem.
I don't know how I can route all remote office traffic to the main office, and via it to the internet.

Could anyone help me?!

Many Thanks!!!

 

MAIN OFFICE (part of configuration)

set interfaces ge-0/0/0 unit 0 family inet address 193.168.135.253/29
set interfaces ge-0/0/4 unit 0 family inet address 193.168.135.1/25
set interfaces st0 unit 10 family inet address 192.168.2.1/24

 

set routing-options static route 0.0.0.0/0 next-hop 193.168.135.254
set routing-options static route 193.168.135.128/27 next-hop st0.10

 

set security ike policy ike_pol_PITTIO mode aggressive
set security ike policy ike_pol_PITTIO proposal-set standard
set security ike policy ike_pol_PITTIO pre-shared-key ascii-text "xxxxxxx"
set security ike gateway gw_PITTIO ike-policy ike_pol_PITTIO
set security ike gateway gw_PITTIO dynamic user-at-hostname "mail@com"
set security ike gateway gw_PITTIO local-identity inet 193.168.135.253
set security ike gateway gw_PITTIO external-interface ge-0/0/0

 

set security ipsec policy ip_pol_PITTIO perfect-forward-secrecy keys group2
set security ipsec policy ip_pol_PITTIO proposal-set standard
set security ipsec vpn PITTIO bind-interface st0.10
set security ipsec vpn PITTIO ike gateway gw_PITTIO
set security ipsec vpn PITTIO ike ipsec-policy ip_pol_PITTIO
set security ipsec vpn PITTIO establish-tunnels immediately

 


REMOTE OFFICE (part of configuration)

set interfaces ge-0/0/0 unit 0 family inet dhcp
set interfaces ge-0/0/3 unit 0 family inet address 193.168.135.129/27
set interfaces st0 unit 10 family inet address 192.168.2.2/24

 

set routing-options static route 193.168.135.0/25 next-hop st0.10

 

set security ike policy ike_pol_REMOTE_PITTIO mode aggressive
set security ike policy ike_pol_REMOTE_PITTIO proposal-set standard
set security ike policy ike_pol_REMOTE_PITTIO pre-shared-key ascii-text "xxxxxxxxxxx"


set security ike gateway gw_REMOTE_PITTIO ike-policy ike_pol_REMOTE_PITTIO
set security ike gateway gw_REMOTE_PITTIO address 193.168.135.253
set security ike gateway gw_REMOTE_PITTIO dead-peer-detection
set security ike gateway gw_REMOTE_PITTIO local-identity user-at-hostname "mail@com"
set security ike gateway gw_REMOTE_PITTIO external-interface ge-0/0/0

 

set security ipsec policy ipsec_pol_REMOTE_PITTIO perfect-forward-secrecy keys group2
set security ipsec policy ipsec_pol_REMOTE_PITTIO proposal-set standard
set security ipsec vpn REMOTE_PITTIO bind-interface st0.10
set security ipsec vpn REMOTE_PITTIO ike gateway gw_REMOTE_PITTIO
set security ipsec vpn REMOTE_PITTIO ike ipsec-policy ipsec_pol_REMOTE_PITTIO
set security ipsec vpn REMOTE_PITTIO establish-tunnels immediately

