Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Hub Profiles: Save

It has been a big day, we know. Before you go home, there’s one more ask for the new branch office. You'll need to establish a secure IPsec VPN tunnel to the remote corporate office. This tunnel allows members of the trust zone to securely reach specific corporate resources on the 172.16.200.0/24 subnet over the Internet.

Secure tunnels are a key feature of SRX platforms. Being able to send sensitive traffic over the public Internet without concern for eavesdropping, or data theft, is no small task. An IPsec VPN lets you securely tunnel traffic through the public Internet. Because the traffic is tunneled, there's no need to perform source NAT.

  • IPsec tunnel
  • Use the Junos CLI to verify IPsec VPN operation

IPsec VPN Overview

In this example, traffic sent from the trust zone to 172.16.200.0/24 uses the IPsec tunnel. This traffic bypasses source NAT and exits the remote end with the original source IP from the 192.168.2.0/24 trust-vlan subnet.