routing between juniper NS Firewalls

Question

we have site to site VPN between new york office Firewall (NS) and dublin client firewall. we have another office located in mumbai and configured site to site VPN between new york and mumbai office, so that mumbai users can connect the client's server via using vpn client. we can not establish directly vpn between mumbai to client firewall due to some security concerns.

mumbai users will have to connect vpn client every time on their pc in order to access the client servers which is not feasible for them.. the solution which i am looking for, is there any possibility to make some routing between mumbai and new york firewalls, so that users can directly access the client server (without vpn client). thanks

So network is: Mumbai <--> NY <--> Dublin ? That's pretty straightforward... use NY as gateway for traffic for either endpoint. — jlehtinen, Apr 08 '15 at 20:18

score 1 · Answer 1 · answered Apr 08 '15 at 22:02

1

You have two possibilities:

setup a route-based VPN, which permit to control packet flow with simple routes;
using the (standard) policy-based VPN, create an hub-and-spoke tunnel topology.

Both options are documented in Juniper's ScreenOS Manual (VPN section).

answered Apr 08 '15 at 22:02

shodanshok

47,711
7
111
180

hub and spoke...+1 – TheCleaner Apr 09 '15 at 00:10

routing between juniper NS Firewalls

1 Answers1