SRX

Hello

Is it possible to configure VPN in A-A cluster on both branch and High-end SRX's?

cause I found in the release notes that its not supported for High-end firewalls working in A-A, so is it not supported at all in high-end A-A cluster, or it will be working only on the active node?

another question about loopback support for VPN;

I knew that its supported starting from 12.1x44, but is it supported on both the branch and high-end firewalls?

Regards

Mahmoud

VPN on A-A cluster is not possible as of now. As per the latest news this feature is available on upcoming releases.

Loopback support is for both branch and high end.

Thanks,

Suraj

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

So is it possible to have VPN configured on the unit which has the active RE ?

or its not supported at all in H.E A-A setup??

Thanks

HE Active-Active cluster is not recommended as of today.

There is a new enhancement in upcoming release which would support HE A/A cluster.

Regards,

Raveen

Ok, but what about VPN!

Can I configure it in A-A cluster on the unit which has the active RE at least?

Unfortunately, thats not possible as of now.

On all high-end SRX Series devices, IPsec VPN is not supported in active/active chassis cluster configuration (that is, when there are multiple RG1+ redundancy groups).

http://www.juniper.net/techpubs/en_US/junos12.1x44/information-products/topic-collections/release-notes/12.1x44-d10/index.html?topic-72768.html

The below URL will help us to understand the limitation in a better way.

http://www.juniper.net/techpubs/en_US/junos12.1x45/topics/concept/security-loopback-interface-ha-for-vpn.html

VPN on High end devices are supported only with Active/Passive Setup.

Thanks,

Suraj

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Hi Mahmood

Active-Active SRX cluster is not recommended in HE SRX devices.

You could use loopback interfaces in both branch and HE SRX devices.

Regards,

Raveen