Can I configure Dynamic VPN on group of SRX (chassis cluster)?
Is it support on active/active or active/standy?
Should I buy double license for install on pair of SRXs?
The following doc states that DYNVPN supports chassis cluster:
It will work using reth interfaces as the external interface and will work in active/active or active/passive. Try using the recommended junos version in your SRX model:
Regarding the licenses, every Juniper license is bound to a serial number and will only work on that device. Because of this you will need the license in both nodes so that the feature can continue to work after a failover. Note that a license for 2 concurrent VPN connections come by default with the SRXs.
Which interface should I apply as external interface? and
Do you have an example configuration for active/active or active standby solution?
You use the external facing interface with the public ip address. On a cluster this will probably be a rethx interface.
Hi Halo, Please mark it as Resolved if it applies 😉
The external interface will be the reth interface having your Internet facing IP address. The fact that the cluster is working in active/active or passive/active shouldnt change the Dynamic VPN configuration. See a config example here:
Thank you so much
I got the answer 🙂