Routing

last person joined: 4 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  IPSEC on SRX240

    Posted 06-03-2014 08:59

    Regarding the subjetc , I have only one question.

    I have seen some docs about stablishing ipsec site to site connections.

    Some use st interface.

    Somo does not.

    Is there any differences ? which method is better ?

    Thanks.



  • 2.  RE: IPSEC on SRX240
    Best Answer

    Posted 06-03-2014 10:30

    There are two types of site-to-site vpn that can be configured on the SRX, policy based and route based.

     

    Route based vpn use a tunnel interface, the st0 that you reference.  This interface provides a termination point for the routing and nat features on the vpn.  Route based vpn are generally prefered but can be a little more complex to setup.  But if the network grows beyond a few sites they are utimately easier to grow and maintain.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN108

     

    Policy based vpn combine the routing and policy all together in the configuration and do not require any tunnel interface.  They do not allow the use of nat.  They are also specific in the connected networks on each side.  There are fewer steps needed to set them up.  And it can be easier to connect to a non-juniper remote end point.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TN107