Hi Friends,

Is the following configuration possible on MX100 (IPSec)

The Customer is going to connect to their client's network (The client's network might have ASA / Fortigate).

Question 1

• From Branch-1 to Client-1 Site-to-Site VPN (IKEv1) on Primary ISP
• From Branch-1 to Client-1 Site-to-Site VPN (IKEv1) on Secondary ISP
• From Branch-1 to Client-2 Site-to-Site VPN (IKEv1) on Primary ISP
• From Branch-1 to Client-2 Site-to-Site VPN (IKEv1) on Secondary ISP
• From Branch-1 to Client-3 Site-to-Site VPN (IKEv2) on Primary ISP
• From Branch-1 to Client-3 Site-to-Site VPN (IKEv2) on Secondary ISP
• From Branch-1 to Client-4 Site-to-Site VPN (IKEv2) on Primary ISP
• From Branch-1 to Client-4 Site-to-Site VPN (IKEv2) on Secondary ISP

Question 2

Also please confirm NAT (Network Address Translation) is possible over Site-to-Site VPN Phase2 as interesting traffic?

Question 3

SSL based remote access VPN is possible? If yes, please confirm the SSL VPN traffic can be rerouted to existing Site-to-Site VPN of Branch-1 clients

Example:

• End User-1 connect branch-1 SSL VPN and access Client-1 Site-to-Site VPN (IKEv1)
• End User-2 connect branch-1 SSL VPN and access Client-3 Site-to-Site VPN (IKEv2)

Regards Ajit