Hello, I have created (for test purpose) route based VPN based on this manual I have used two juniper devices ssg-5 and ssg-140. VPN is up and running: device-a(M)-> get sa 0000000d< x.x.x.x 500 esp:3des/md5 3f5567dd 2457 unlim A/U -1 0 0000000d> x.x.x.x 500 esp:3des/md5 3aac7cc9 2457 unlim A/U -1 0 My interfaces: ssg-5 device-a(M)->get interface Interfaces in vsys Root: Name IP Address Zone MAC VLAN State VSD bgroup0 10.200.0.250/24 Trust 0010.dbff.20b0 - U 0 tun.1 10.1.10.1/24 VPN N/A - U - set interface "tunnel.1" mip 10.1.10.1 host 10.200.0.0 netmask 255.255.255.0 vr "trust-vr" ssg-140 device-b(M)-> get interface Interfaces in vsys Root: Name IP Address Zone MAC VLAN State VSD eth0/1 10.9.10.1/24 internal 0010.dbff.2050 - U 0 tun.1 10.1.20.1/24 VPN N/A - R 0 set interface "tunnel.1" mip 10.1.20.1 host 10.9.10.1 netmask 255.255.255.0 vr "trust-vr" from ssg devices I can ping other device tunnel.1 IP address. But I can not access device from one Lan to other Lan. Any ideas? ... View more

Hi Everyone, I would like to ask your advice in a current scenario for our customer. Customer have two ssg-5 devices. one device have 172.x.x.x/24 internal net - office second device have 10.200.x.x/24 internal net - data center Both device have static external IP, between those devices are policy based ipsec tunel - all working fine. customer has partner with 3rd party device, internal net 10.0.0.0/8 - static external IP. Now customer wants to create VPN from office to partners office. But partners want that they come to this office not with 172.x.x.x but with 10.201.x.x/24. Should I use route based ipsec tunnel? Is it possible with these device? Any other ideas are welcomed. Thanks in advance ! ... View more