SRX Services Gateway
Highlighted
SRX Services Gateway

Routed-Based Site-to-Site VPN with Dial-UP VPN configuration

‎05-05-2019 05:34 AM

Hi, I have a requirement to enable remote access (dial-up) vpn on a device that already has route-based site-to-site vpns. According to this document https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/policy-based-rout... that is not possible. I am wondering what others have done in order to achieve this ? Would putting the remote access vpn configuration in a virtual router instance solve this scenario ? Any examples you can share ?

 

thanks!

3 REPLIES 3
SRX Services Gateway

Re: Routed-Based Site-to-Site VPN with Dial-UP VPN configuration

‎05-05-2019 06:10 AM

I read this as saying that your configuration for the dynamic vpn itself must be policy based.  Not that you cannot have other site to site route vpn configured on the same SRX.

 

Route-based VPNs do not support remote-access (dial-up) VPN configurations.

Policy-based VPN tunnels are required for remote-access (dial-up) VPN configurations.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: Routed-Based Site-to-Site VPN with Dial-UP VPN configuration

‎05-05-2019 12:48 PM

The way I understand this (although haven't tried..) if you wish to have remote access vpns you must use policy based vpns for site-to-site.... am I wrong ?

SRX Services Gateway

Re: Routed-Based Site-to-Site VPN with Dial-UP VPN configuration

‎05-05-2019 05:29 PM

I read this as only applying to the dynamic vpn itself not all vpn configured overall on the SRX.  I have not configured and used dynamic vpn in many years but did have all other vpn configured at the time in route based mode on every SRX I've deployed.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home