SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX 240 as spoke in Hub-and-spoke network and Policy-based VPN

    Posted 07-22-2012 23:51

    Hi!

     

    There is an existing hub-and-spoke VPN network with a Cisco PIX 515 as the hub.

    Could you please tell me, can I use a policy-based VPN for the VPN channel between the SRX240 (as spoke) and the Cisco PIX 515 (as hub)? Or must I use a route-based VPN?



  • 2.  RE: SRX 240 as spoke in Hub-and-spoke network and Policy-based VPN
    Best Answer

    Posted 07-23-2012 05:01

    Hi,

     

    It depends on your complete requirement. ...

     

    Common Reasons to use a Policy-based VPN:

    • Remote VPN device is a non-Juniper device
    • Need to access only one subnet or one network at the remote site, across the VPN

    Common Reasons to use a Route-based VPN:

     

    • Source or Destination NAT (NAT-Src, NAT-Dst) needs to occur as it traverses the VPN
    • Overlapping Subnets/IP Addresses between the two LANs
    • Hub-and-spoke VPN topology
    • Design requires Primary and Backup VPN
    • A Dynamic Routing Protocol (i.e. OSPF, RIP, BGP) is running across the VPN
    • Need to access multiple subnets or networks at the remote site, across the VPN

    Note: In some cases you can do either of them, but in certain cases only one works!



  • 3.  RE: SRX 240 as spoke in Hub-and-spoke network and Policy-based VPN

    Posted 07-23-2012 05:44

    Thank you very much for the answer.

    I understand now that for my task I must use a route-based VPN.
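
A route-based spoke configuration of the kind the thread settles on, as an added example that is not from the original posts. All names, addresses, zones, the pre-shared key and the algorithm choices are constructed placeholders, and the proxy-identity lines assume the PIX hub selects traffic with a crypto ACL entry for exactly these two prefixes.

```junos
# Constructed values (assumptions, not from the thread):
#   203.0.113.1     hub (PIX) public address
#   ge-0/0/0.0      spoke WAN interface, in zone "untrust"
#   192.168.10.0/24 spoke LAN, in zone "trust"
#   10.0.0.0/8      networks reached through the hub

# Route-based: the tunnel is an interface (st0.0) placed in its own zone.
set interfaces st0 unit 0 family inet
set security zones security-zone vpn interfaces st0.0
set security zones security-zone untrust host-inbound-traffic system-services ike

# Phase 1. Proposal values must match what the hub is configured to accept.
set security ike proposal P1 authentication-method pre-shared-keys
set security ike proposal P1 dh-group group5
set security ike proposal P1 authentication-algorithm sha1
set security ike proposal P1 encryption-algorithm aes-256-cbc
set security ike policy HUB-IKE mode main
set security ike policy HUB-IKE proposals P1
set security ike policy HUB-IKE pre-shared-key ascii-text "<PLACEHOLDER-PSK>"
set security ike gateway HUB ike-policy HUB-IKE
set security ike gateway HUB address 203.0.113.1
set security ike gateway HUB external-interface ge-0/0/0.0

# Phase 2. bind-interface is what makes this VPN route-based.
set security ipsec proposal P2 protocol esp
set security ipsec proposal P2 authentication-algorithm hmac-sha1-96
set security ipsec proposal P2 encryption-algorithm aes-256-cbc
set security ipsec policy HUB-IPSEC proposals P2
set security ipsec vpn HUB-VPN bind-interface st0.0
set security ipsec vpn HUB-VPN ike gateway HUB
set security ipsec vpn HUB-VPN ike ipsec-policy HUB-IPSEC
# Without proxy-identity a route-based SRX proposes 0.0.0.0/0 on both sides,
# which a peer matching on a crypto ACL rejects in phase 2.
set security ipsec vpn HUB-VPN ike proxy-identity local 192.168.10.0/24
set security ipsec vpn HUB-VPN ike proxy-identity remote 10.0.0.0/8
set security ipsec vpn HUB-VPN ike proxy-identity service any

# Routing decides what enters the tunnel; policies are plain permits between
# zones (a policy-based VPN would use "then permit tunnel ipsec-vpn" instead).
set routing-options static route 10.0.0.0/8 next-hop st0.0
set security policies from-zone trust to-zone vpn policy to-hub match source-address any destination-address any application any
set security policies from-zone trust to-zone vpn policy to-hub then permit
set security policies from-zone vpn to-zone trust policy from-hub match source-address any destination-address any application any
set security policies from-zone vpn to-zone trust policy from-hub then permit
```

In practice the `any` address matches in the two policies would be narrowed to address-book entries for the spoke LAN and the hub-side networks.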