Main documentation | Link |
IPsec VPN Topologies on SRX Series Devices | Documentation |
---|---|
Site-to-site VPNs | |
Hub-and-spoke VPNs | |
Remote access VPNs or end-to-site tunnel or dial-up VPN | Dynamic VPNs with Pulse Secure Clients (IPsec only?) Remote Access VPNs with NCPe ( IPsec and IPsec over SSL) Juniper Secure Connect ( client-based SSL-VPN ) |
Policy-Based VPNs and Route-Based VPNs | |
IPsec Protocol: https://www.juniper.net/documentation/en_US/junos/topics/reference/general/ipsec-protocols-solutions.html
IPsec VPN Technologies and Solutions ( Video training)
https://juniper.csod.com/LMS/Video/LaunchVideo.aspx?loid=d7804270-0221-4b75-a8b8-7a65e26933e6
SRX & J Series Site-to-Site VPN Configuration Generator
...
: https://www.juniper.net/support/tools/vpnconfig/#localSite
AutoVPN Feature Guide ( multi-remote site): https://www.juniper.net/documentation/en_US/junos12.1x46/information-products/pathway-pages/security/security-vpn-autovpn.html#configuration
Dynamic VPN (Remote access VPN or IPsec VPN client) : https://www.juniper.net/documentation/en_US/junos12.1x46/information-products/pathway-pages/security/security-vpn-dynamic.html#overview
Phase 1: AGGRESSIVE Mode Vs Main Mode:
Aggressive mode
takes part in fewer packet exchanged = is faster than Main mode.
does not give identity protection of the two IKE peers, unless digital certificates are used. This means VPN peers exchange their identities without encryption (clear text)
...