Answer the question
In order to leave comments, you need to log in
Is it possible to set up an IPsec tunnel between Juniper and pfSense without an external static address on one end?
Good day!
To begin with, I would like to describe our network.
There are three offices and one data center.
The communication between two offices (Moscow and Tagil) and the data center is built using OpenVPN based on pfSense, which is used as a gateway in these offices. All three instances have an external, white, static ip-address. An approximate network diagram, cobbled together on the knee, is:
The office in Sri Lanka is currently isolated from the rest of the network.
Faced two problems:
1. The provider in Sri Lanka does not want to give us a white ip-address in any way.
2. At the moment, only Juniper SRX100 is in the office, pfSense is not deployed.
The question arises - is it possible to organize a connection between two offices without pfSense and static in an office in Sri Lanka?
It is clear that Juniper does not know how to use OpenVPN, but there is IPsec there - can it be used if there is static on only one node out of two pairs? For example, for Moscow to sit and listen and, if there is a connection from Sri Lanka, it would automatically raise the tunnel.
The complexity of the situation is that Sri Lanka is far away and, in fact, there is no IT staff there who can correct the situation when the Internet drops. Accordingly, I would like to receive recommendations and estimate options before making changes to the equipment.
Thanks in advance for any help.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question