SRX

Expand all | Collapse all

policy based VPN

Jump to Best Answer
  • 1.  policy based VPN

    Posted 04-21-2017 11:15

    when studing policy based VPN it says that when a traffic match a policy a new tunnel is generated because each tunnel has its own negotiation process and SA ...

    would someone please explain what does this means ????



  • 2.  RE: policy based VPN

    Posted 04-21-2017 23:15

    it will setup a spearate pahse II (IPSEC) SA per flow and also a spearate tunnel

    that means if you have 20 flows at the same time it will build up 20 tunnels in paralell (one per flow)

     

    So use policy base only when you are sure that you have single or very low amounts of passing flows

     

    regards

     

    alexander



  • 3.  RE: policy based VPN
    Best Answer

    Posted 04-22-2017 05:55

    Hello,

     

    A separate VPN tunnel ( Phase 2 )  will be established for each set of source-address / destination address entries in the policy or teh proxy ID configured for the VPN.  In comparison, a route based VPN will create asingle phase 2 for all the traffic that goes through the VPN.

     

    Regards

    Vatsa