Is it possible to configure VPN in an A-A cluster on both branch and high-end SRXs?
Because I found in the release notes that it's not supported for high-end firewalls working in A-A. So is it not supported at all in a high-end A-A cluster, or will it work only on the active node?
Another question, about loopback support for VPN:
I knew that it's supported starting from 12.1x44, but is it supported on both the branch and high-end firewalls?
VPN on A-A cluster is not possible as of now. As per the latest news this feature is available on upcoming releases.
Loopback support is for both branch and high end.
Active-Active SRX cluster is not recommended in HE SRX devices.
You could use loopback interfaces in both branch and HE SRX devices.
So is it possible to have VPN configured on the unit which has the active RE?
Or is it not supported at all in an HE A-A setup?
HE Active-Active cluster is not recommended as of today.
There is a new enhancement in upcoming release which would support HE A/A cluster.
Ok, but what about VPN!
Can I configure it in A-A cluster on the unit which has the active RE at least?
Unfortunately, that's not possible as of now.
On all high-end SRX Series devices, IPsec VPN is not supported in active/active chassis cluster configuration (that is, when there are multiple RG1+ redundancy groups).
The below URL will help us to understand the limitation in a better way.
VPN on high-end devices is supported only with an Active/Passive setup.
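
The limitation quoted in this thread (IPsec VPN combined with multiple RG1+ redundancy groups on high-end SRX) can be checked against a configuration before it is deployed. The following is an added example, not part of any post in the thread and not Juniper tooling; it assumes set-format configuration taken from a high-end SRX, and the function name `audit` and both sample configurations are constructed for illustration.

```python
import re

# "set chassis cluster redundancy-group <id> ..." in set-format configuration.
RG_RE = re.compile(r"^set chassis cluster redundancy-group (\d+)\b")
# "set security ipsec vpn <name> ..."; captures the VPN name.
VPN_RE = re.compile(r"^set security ipsec vpn (\S+)")

# Constructed sample: two data-plane groups (RG1, RG2) plus an IPsec VPN.
ACTIVE_ACTIVE = """
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 2 node 0 priority 100
set chassis cluster redundancy-group 2 node 1 priority 200
set security ipsec vpn branch-vpn ike gateway branch-gw
"""

# Constructed sample: the same VPN with a single RG1 (active/passive).
ACTIVE_PASSIVE = """
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set security ipsec vpn branch-vpn ike gateway branch-gw
"""

def audit(config_text):
    """Return (rg1_plus_ids, vpn_names, conflict) for a set-format config."""
    rgs, vpns = set(), set()
    for line in config_text.splitlines():
        line = line.strip()
        rg = RG_RE.match(line)
        vpn = VPN_RE.match(line)
        if rg and int(rg.group(1)) >= 1:  # RG0 is the Routing Engine group
            rgs.add(int(rg.group(1)))
        elif vpn:
            vpns.add(vpn.group(1))
    # Condition quoted in the thread: IPsec VPN together with multiple RG1+ groups.
    conflict = len(rgs) > 1 and bool(vpns)
    return sorted(rgs), sorted(vpns), conflict

if __name__ == "__main__":
    for name, cfg in (("active/active", ACTIVE_ACTIVE), ("active/passive", ACTIVE_PASSIVE)):
        rgs, vpns, conflict = audit(cfg)
        print(f"{name}: RG1+ groups={rgs} vpns={vpns} unsupported={conflict}")
```
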