P
P
psycholock2018-08-20 13:26:02
pfSense
psycholock, 2018-08-20 13:26:02

Is it possible to set up an IPsec tunnel between Juniper and pfSense without an external static address on one end?

Good day!
To begin with, I would like to describe our network.
There are three offices and one data center.
The communication between two offices (Moscow and Tagil) and the data center is built using OpenVPN based on pfSense, which is used as a gateway in these offices. All three instances have an external, white, static ip-address. An approximate network diagram, cobbled together on the knee, is:
5b7a957106818255893137.png
The office in Sri Lanka is currently isolated from the rest of the network.
Faced two problems:
1. The provider in Sri Lanka does not want to give us a white ip-address in any way.
2. At the moment, only Juniper SRX100 is in the office, pfSense is not deployed.
The question arises - is it possible to organize a connection between two offices without pfSense and static in an office in Sri Lanka?
It is clear that Juniper does not know how to use OpenVPN, but there is IPsec there - can it be used if there is static on only one node out of two pairs? For example, for Moscow to sit and listen and, if there is a connection from Sri Lanka, it would automatically raise the tunnel.
The complexity of the situation is that Sri Lanka is far away and, in fact, there is no IT staff there who can correct the situation when the Internet drops. Accordingly, I would like to receive recommendations and estimate options before making changes to the equipment.
Thanks in advance for any help.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
P
poisons, 2018-08-20
@poisons

Keyword NAT-T.
Well, then the usual site-to-site, tell the juniper that behind the Moscow feast there are Tagil and DC subnets.
Well, when setting up, it is advisable to use something similar , if you screwed up, it will come to life by itself.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question