Ask the Expert

  • 1.  SRX Policy Based VPN and IKEv2

    Posted 04-26-2021 08:43
    Hi ,

    I wanted to know if SRX supports the use of policy based VPN with IKEv2 as I understand traffic selectors are only supported on newer versions Junos using IKEv2 .

    Thanks
    Stan

    ------------------------------
    Stanley Hou
    ------------------------------


  • 2.  RE: SRX Policy Based VPN and IKEv2

    Posted 04-27-2021 05:11
    Hello Stan,
       ikev2 is only supported on route-based ipsec vpn (based on experience). I think its more flexible since you can manipulate who goes out to the tunnel internface.

    The only issue here is that if the 3rd party firewall doesn't support route-based.

      You can check out the document here if you like : > Policy-Based IPsec VPNs | IPsec VPN User Guide for Security Devices | Juniper Networks TechLibrary

    Thanks,
    Leangf

    ------------------------------
    Leangf Leangf
    ------------------------------



  • 3.  RE: SRX Policy Based VPN and IKEv2

    Posted 04-27-2021 08:07
    ​Hello Leangf,

    I have come across that document in the past  but didn't see any mention of IKEv2/IKEv1 support.

    Had a hunch that IKEv2 on policy based VPN won't be supported, thanks for your reply.

    Thanks
    Stan

    ------------------------------
    Stan
    ------------------------------