SRX

Hi all,

May i know whether it will have an issue if the setup auto-vpn consists of SRX5k with non-juniper product? This setup together with CA server.

Thanks

Hello,

Yes, this is not supported. 

Reference:  https://www.juniper.net/us/en/local/pdf/app-notes/3500214-en.pdf

AutoVPN Limitations
• Manual next-hop tunnel binding (NHTB) is not supported for AutoVPN.
• Auto NHTB requires proprietary payload during IPsec negotiation; thus, interoperability with third-party vendor equipment
is not supported. Interoperability with Juniper Networks M Series Multiservice Edge Routers, MX Series 3D Universal Edge
Routers, and T Series Core Routers is not supported as well.

Regards,

Vikas

Hi Vikas,

Is there any alternative if i need to deploy 2000 sites / tunnel with non-juniper devices (end point) with easy method due to auto-vpn not supported?

Thanks and appreciated any feedback

Hello,

Apologies for the confusion. AutoVPN would be the way to go for such deployment scenarios.

Refer to the section: Ensuring VPN Tunnel Availability with AutoVPN and Traffic Selectors

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-autovpn-on-hub-and-spoke-devices.html

This mentioned about multiple eNodeBs connecting to the firewall in a redundant fashion. We have several Teleco, customers running such a setup with several thousand spokes (non-juniper).

I will get more clarity on the earlier document reference. It seems to be merely a limitation but not something that would prevent the solution from being deployed.

Regards,

Vikas

Hi Vikas,

Mail noted. Thanks for your explanation.