05-09-2012 03:55 PM
Juniper SSL VPN Version 7.0 introduced ipsec support for mobile devices.
This allows to create a "user to site" vpn over ipsec, fine.
Now, does IVE 7.0 or 7.2 support "site to site" vpn?
- If not, can somebody explain why ?
- If yes, can somebody explain the limitations ?
From my understanding (I know well 6.5, but I am new to 7.0), Juniper SA is a mobility solution and is not designed to route, hence may probably not support ipsec vpns.
However, one of my customer has in mind that it's juniper SA box will replace all it's site to site vpn solutions.
Which makes me skeptical : any clarification welcome.
05-10-2012 12:44 PM
The 7.0 release included support for IPSECv2 for clients.
There is no support for site-to-site VPN. I can't say that this is not in the plans for Juniper, but there is no announced support.
The "why" is that Juniper does not think it is useful to play in this market space with this device. They sell a lot of routers which are much more suited to the site-to-site VPN purpose.
We have replaced some site-to-site VPNs by making all users at a remote location Network Connect clients of a Juniper SA. We have done this for sites as large as 200 users. Of course, that takes 200 licenses on the SA, so nothing is free.
05-21-2012 08:51 PM
no, this cannot be done. the reason is simple: this is not a router or switch but a remote access device. any site-to-site connections are needed, they need to be handled externally to the unit