SRX

I'm settting up a new site with a HA pair of SRX240H. I will have roughly 250 site-to-site VPN's setup through this pair. I have a few questions I don't seem to find answers for yet:

 

 - How many tunnels can be terminated on a single st0 interface?

 - Can I have all of the tunnels terminate on the single st0 interface or do I need to build a st0 interface for each VPN?

 - Can you have dynamic tunnels and static in this mix?

 - How many st0 interfaces can a 240H handle?

 

On a multi-point setup the documentation it states that if you must put NHTB in the multipoint unless its a Juniper device on the other end.

 

"set interfaces st0 unit 0 family inet next-hop-tunnel 10.11.11.11 ipsec-vpn sunnyvale-vpn"

 

I can't seem to make that work yet without putting in the NHTB for even devices that are Juniper.

 

All and any help is greatly appreciated!

 

 

1.

http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf

Concurrent VPN tunnels 1,000
Tunnel interfaces 128

2. Yes ,you can. Use multipoint on the st0 interface .Then we can use a single interface for multiple VPNs

3. Yes, I think, it does not matter (you mean aggressive and main mode right?)

4 . Tunnel interfaces 128


Regarding NHTB, If both sides are Juniper, then we need not configure explicitly , they should automatically do this .

This is exactly what I needed to know. The dynamic/static is yes, aggressive/main mode.

 

Thank you!