SRX

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Route based VPN on SRX and EX switch

    Posted 06-13-2019 16:24

    Hi everyone,

    I have some questions about ipsec implementation on SRX 550 and EX4300 switches.

     

     SRX:

    1)Does SRX perform IPSEC in hardware ?  Generally, On Cisco, it is implemented on route engine ( control plane) therefore CPU intensive,  though now we can use dedicated card for ipsec  on some platform.

     

    2) On SRX 550, what is maximum throughput we can expect on SRX 550?

     

    3) Can st0 interface particapte in PIM dense mode?

     

    EX switches:

    1)  Can  EX 4300 do IPSEC in hardware? does it support st0 interface?

    2)Does it support st0 interface?

    3) What is the  maximum IPSEC  throughput we can expect on EX 4300?

    4) Can st0 interface particapte in PIM dense mode?

     

     

    Thanks and have a nice day!!



  • 2.  RE: Route based VPN on SRX and EX switch
    Best Answer

    Posted 06-13-2019 16:42

    Hi sarahr202

     

    1) HE SRXs does IPsec in hardware while Branch SRXs does it on routing-engine.

    2) Asuming you are asking for VPN throughput, as per the following datasheet it is 1.0 Gbps. Expect less than that because you will achieve that number if you forward only large packets which is not the case on any real network.

              https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000281-en.pdf

    3) The st0 interface does work with PIM Dense mode.

     

    As for EX switches, they dont support IPsec VPNs.

     

    I hope this answer your queries.