Message Image

Skip main navigation (Press Enter).

SRX

View Only

last person joined: 4 days ago

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

policy based VPN

Jump to Best Answer

Erdem04-21-2017 11:15

when studing policy based VPN it says that when a traffic match a policy a new tunnel is generated because ...

alexander.marhold04-21-2017 23:15

it will setup a spearate pahse II (IPSEC) SA per flow and also a spearate tunnel that means if you ...

Erdem04-22-2017 05:55Best Answer

Hello, A separate VPN tunnel ( Phase 2 ) will be established for each set of source-address ...

1. policy based VPN

0 Recommend
Erdem
Posted 04-21-2017 11:15

Reply Reply Privately
when studing policy based VPN it says that when a traffic match a policy a new tunnel is generated because each tunnel has its own negotiation process and SA ...

would someone please explain what does this means ????
2. RE: policy based VPN

0 Recommend
alexander.marhold
Posted 04-21-2017 23:15

Reply Reply Privately
it will setup a spearate pahse II (IPSEC) SA per flow and also a spearate tunnel

that means if you have 20 flows at the same time it will build up 20 tunnels in paralell (one per flow)

So use policy base only when you are sure that you have single or very low amounts of passing flows

regards

alexander
3. RE: policy based VPN
Best Answer

0 Recommend
Erdem
Posted 04-22-2017 05:55

Reply Reply Privately
Hello,

A separate VPN tunnel ( Phase 2 ) will be established for each set of source-address / destination address entries in the policy or teh proxy ID configured for the VPN. In comparison, a route based VPN will create asingle phase 2 for all the traffic that goes through the VPN.

Regards

Vatsa

Powered by Higher Logic