08-24-2009 03:24 PM - edited 08-25-2009 07:29 AM
We have a new configuration tool (beta) to assist you with your Site-to-Site VPN configurations on SRX Series and J Series devices:
Site-to-Site VPN Configuration Tool
Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!
08-25-2009 08:34 AM
We inadvertently posted the un-encrypted URL so please change any bookmarks you may have to the following:
The tool requires potentially sensitive input (IP addresses, etc) and so should only be used via HTTPS/SSL.
We also require that you be logged in to use the tool. This helps us with our measurements for usage and is also an un-abashed attempt to get more people to register (your J-Net registration should be sufficient - if there are any problems please let us know).
09-05-2009 12:06 PM
09-13-2009 12:53 PM - edited 09-13-2009 12:56 PM
Does Juniper offer a comparable technology to Cisco's DMVPN with NHRP?
I have read a Juniper web page (Juniper wont allow me to post the link here) and it seems that Juniper does NOT support direct, spoke to spoke tunneling. All traffic has to go through the hub, it seems (hub and spoke).
Am I wrong?
Is there another flavor of site to site VPN other than what I am reading at this link?
It also seems ot be the casethat the hub must always be configured as you add new spokes and that there is no automatic and dynamic discovery of the spoke as there is with NHRP. NHTP (or whatever Juniper calls it) does not seem to offer the same functionality as NHRP.
Am I correct?
03-25-2010 05:34 PM
how can I get it to shove a GRE tunnel through the IPSec? The tool seems to be good for very simple scenarios, but I'm trying to peer with a Cisco router that cannot do route-based VPN's, so we are using GRE over IPSec. I can't seem to get it to work.
09-07-2010 03:31 AM
of course it will help for all configuring vpn in juniper devices only ?????
10-08-2010 09:41 PM
Look at "set security group-vpn" on 10.2R2+ (i think) or 10.3.
06-13-2011 01:46 AM
The comment page is not working for me.
Not sure if its correct, but for me only the "local static to remote static" option is working. Also, its not possible to have a default route to the remote site. i.e the remote network cannot be 0/0.
10-28-2011 12:43 PM
Does this tool still work? I have tried in 3 different browsers and connot get it to generate a config. It seems to not like anything I put in the Public Network Interface (G) field - or at least it turns yellow when I hit the generate config button. Basically when I press the config button it turns the fileds green and says "Please Wait..." I have used it in the past successfully, but wondering if something is broken.
06-05-2013 12:48 PM
Another Fail by Juniper, the H option only allows you to use static VPN to Static VPN, although in the information icon it clearly has muliple selection that should be able to select.
We have bought and paid for 6 SRX firewalls and Juniper apparently has big issues with VPN's. We decided to choose Juniper as they were already on our network and field sites yet all my heart burn has been with VPN's and I have many of Juniper ATAC's working on issues that are over a month old, that they want to downgrade without fixing the issues. We are very close to getting the legal department involved in this big purchase we made last november.
How about getting SRX (static) to SSG (Dynamic) working. I have spent more time on these VPN's then an other firewll I have every dealt with. I have installed Symantecs, Check Point, Cyberguard, ASA, PIXs, and Sidewinders with no where near the issues that these SRX's have. not to mention the complete fail of VPN's in the virtual firewall, did I mention the 7500.00 exspense for the virtual firewall that we are unable to use because of these tunnels. What a waste of tax payers money.
06-15-2013 06:33 PM
"Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!"
There is no "Comments" link. Fail.
It's site-to-site. It only generates the config for one side. So, something less than a 50% score.