Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
manny799
Explorer

Can Loopback be Used as a VPN Source on VSX?

Hi there,

We have a VSX cluster currently running on version R80.30. We have a requirement to migrate the external IP range to a new subnet (within a different part of the same larger IP address block so we have full control over routing within that block etc). However, we have multiple VPNs terminating on some of the virtual firewalls. I notice that in R81.10, Loopback interfaces are supported on VSX for Dynamic Routing over VPNs, however does anybody know if these could be used (and it is a supported configuration) as the source interface of a standard policy based site to site VPN? (Obviously we would need to add /32 routes externally for the old external address that was then migrated to the loopback).

Thanks,

John M

0 Kudos
3 Replies
the_rock
Champion
Champion

Wow, thats super interesting question...I would be curious to know as well. Personally, I never heard of something like that being supported.

0 Kudos
Chris_Atkinson
Employee
Employee

I've seen dummy DMZ interfaces used for similar in the past, but not tested this approach as yet myself.

Suggest requesting a formal answer via TAC or your SE.

0 Kudos
PhoneBoy
Admin
Admin

What matters is the IP address you configure for Link Selection, which I assume could be that loopback address.

0 Kudos