SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Remote client and COLO vs CORPORATE data sites

    Posted 10-14-2015 08:13

    We have a SRX-240 at the COLOCATION and CORPORATE sites. The remote site has SRX-100.

    We would like the SRX-100 to use the VPN Tunnel ST.0 all the time, but if that breaks, then fail over to the COLOCATION VPN tunnel. The hub-spoke setup is working fine with only the CORPORATE site. I have not started to setup the COLOCATION as of yet.

     

    What is the best/easiest method to accomplish this effort.?

     

    2015-10-14 11_06_28-Visio Standard.png

     



  • 2.  RE: Remote client and COLO vs CORPORATE data sites
    Best Answer

    Posted 10-14-2015 12:53

    Hey!

    Since you're using junos devices in topology , i would recommend the use of AutoVPN .
    Auto VPN allows configuration of a hub-and-spoke VPN, with an advantage of adding new spokes with little administrative overhead. Auto VPN reduces the chances of system downtime because the configguration does not need to be changed on the hub .
    Currently both OSPF and BGP are supported when using Auto VPN . Dynamic routing updates are propagated throughout the network . Static routes may also be used , but this will reqire routes to be created for each spoke on the hub,  negating the advantages of a single hub configuration .

    See also the scenario of SSG situation at is outlined in the Concepts and Examples Guide Vol 5 Virtual Private Networks.
    See Advanced Features--Creating Redundant Gateways.
    Your specific diagram and configuration is on page 314 of Volume 5 but the concepts are all reviewed prior to that.

     

    I would also use routes with preferences >> http://www.juniper.net/techpubs/en_US/junos13.3/topics/topic-map/policy-static-route-selection.html

     

    set routing-options static route 1.1.1.1 next-hop 2.2.2.2 preference XY