SRX

Expand all | Collapse all

Policy Based VPN on SRX5600 with SPC3

Jump to Best Answer
  • 1.  Policy Based VPN on SRX5600 with SPC3

    Posted 10-17-2019 03:27

    I have configured a policy based VPN on an SRX5600 with an SPC3. The configuration was previously working on another SRX with SPC-2. The debug shows the message below

     

     [EXT] [PEER] [xx.xx.xx.xx <-> yy.yy.yy.yy]  peer-schema look-up failed for local-ip xx.xx.xx.xx remote-ip yy.yy.yy.yy vr-id 6

     

    Has anyone experienced this



  • 2.  RE: Policy Based VPN on SRX5600 with SPC3

    Posted 10-17-2019 03:35
    SPC3 does not support policy based VPN.


  • 3.  RE: Policy Based VPN on SRX5600 with SPC3
    Best Answer

    Posted 10-17-2019 03:37
    Hi Maggu,

    Policy based vpn on SRX5k with SPC 3 is not supported.
    Please go through the document below

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-ipsec-vpn-overview.html




    Thanks and Regards,
    Guru Prasad
    J/SRX Advance Tac
    Working hours: Monday to Friday (10:30 AM +05:30 to 18:30 PM +05:30)



    Juniper Business Use Only


  • 4.  RE: Policy Based VPN on SRX5600 with SPC3

    Posted 10-17-2019 04:36

    Thanks for the prompt response guys. However, what happens in case i have a mix of SPC-II and SPC3 in the chassis. Will the Policy based still not be supported



  • 5.  RE: Policy Based VPN on SRX5600 with SPC3

    Posted 10-17-2019 04:44
    Hi Maggu,

    Yes it will still not work. Reason is that the KMD daemon does not run on the SPC 2 in mixed mode. It is moved to SPC 3 which does not support policy based VPN.



    Thanks and Regards,
    Guru Prasad



    Juniper Business Use Only