Juniper SSG to Cisco ASA VPN with overlapping subnets

René Jorissen on March 29, 2011 0 Comments • Tags: #asa #cisco #juniper #overlapping #screenos #ssg #subnet #vpn

I needed to configure a site-to-site VPN connection between a Juniper SSG firewall and a Cisco ASA firewall. The configuration of a VPN connection is very straightforward, but this time the networks behind the firewalls are overlapping.

I have configured the Cisco ASA multiple times in such scenario, but the configuration of the Juniper SSG was new for me. I found a good article in the Juniper Knowledge Base. The article helped me to configure the VPN connection on the Juniper SSG firewall. The “tricky” part is the configuration of the MIP’s on the tunnel interface and the policy from the VPN network to the Trust network.

The only difference in my configuration is the definition of proxy ID’s within the VPN profile configuration. My scenario involves multiple subnets behind the Juniper SSG firewall en behind the Cisco ASA firewall. For every combination of subnets (Security Association) you have to configure a separate tunnel interface and VPN profile.

The following two tabs change content below.

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.

Latest posts by René Jorissen (see all)

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.