Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I have a loyal customer that is looking for a solution that implements Dynamic Multipoint VPN.
I understand that we are up agains SonicWall.
Are there any Juniper products which implement DMVPN?
Thank you,
Greg
I just moved away from using Cisco soho routers in a DMVPN setup to SRX210's. These SRX devices can do dead peer detection. That means you can set more than one peer for any one given site-to-site connection. Or you could do multiple VPN connections from the single SRX to multiple sites. Then use RPM with an event script to monitor connectivity and do automated failovers. With some work you can even get a 3G/4G failover working properly. Or you could use a CX111 in place for cards that may not be covered directly by the SRX. In my opinion, I've found the experience better than DMVPN setup from Cisco.
I hope that helps.
Yes - if I'm getting this, the answer is 'No', but here's how we can provide a similar experience. That should be good enough!
The SRX doesn't really have a full-mesh VPN solution that is analogous to DMVPN. They do support GET-VPN though, which is similar, with some slight differences. Cisco has a good comparison document:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6635/ps7180/prod_brochure0900aecd80582078.pdf
If you have a large deployment, you should also look at AutoVPN that was released quite recently for zero-touch to your hub configuration when adding extra spokes (though it is still hub and spoke VPN, rather than full-mesh).
To update this old thread, Juniper now has ADVPN which is similar to Cisco DMVPN
https://www.juniper.net/documentation/en_US/junos12.3x48/topics/concept/security-auto-discovery-vpn-understanding.html