4- SRX IPsec VPN and SSL VPN
Main documentation | Link |
---|---|
IPsec VPN Topologies on SRX Series Devices | Documentation |
Site-to-site VPNs | |
Hub-and-spoke VPNs | |
Remote access VPNs (end-to-site tunnel or dial-up VPN) | Dynamic VPNs with Pulse Secure Clients (IPsec only?); Remote Access VPNs with NCPe (IPsec and IPsec over SSL); Juniper Secure Connect (client-based SSL-VPN) |
Policy-Based VPNs and Route-Based VPNs | |
IPsec Protocol: https://www.juniper.net/documentation/en_US/junos/topics/reference/general/ipsec-protocols-solutions.html
IPsec VPN Technologies and Solutions (video training): https://juniper.csod.com/LMS/Video/LaunchVideo.aspx?loid=d7804270-0221-4b75-a8b8-7a65e26933e6
SRX & J Series Site-to-Site VPN Configuration Generator: https://www.juniper.net/support/tools/vpnconfig/#localSite
AutoVPN Feature Guide (multi-remote site): https://www.juniper.net/documentation/en_US/junos12.1x46/information-products/pathway-pages/security/security-vpn-autovpn.html#configuration
Dynamic VPN (remote access VPN or IPsec VPN client): https://www.juniper.net/documentation/en_US/junos12.1x46/information-products/pathway-pages/security/security-vpn-dynamic.html#overview
Phase 1: Aggressive Mode vs. Main Mode:
Aggressive mode:
uses fewer packet exchanges, so it is faster than Main mode.
does not provide identity protection for the two IKE peers unless digital certificates are used. This means the VPN peers exchange their identities unencrypted (in clear text).
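
To find where the identity exposure noted above applies on an existing device, the following added example (not Juniper code and not from the original notes) audits a Junos configuration in `set` format and lists IKE policies that use aggressive mode without a certificate, together with the gateways that reference them. The policy, gateway and certificate names are constructed sample values, and the certificate exemption simply follows the rule stated in these notes.

```python
import re

# Constructed sample in Junos "set" format; every name and key is made up.
SAMPLE_CONFIG = """\
set security ike policy POL-BRANCH mode aggressive
set security ike policy POL-BRANCH pre-shared-key ascii-text "CONSTRUCTED-PLACEHOLDER"
set security ike policy POL-HQ mode main
set security ike policy POL-HQ pre-shared-key ascii-text "CONSTRUCTED-PLACEHOLDER"
set security ike policy POL-CERT mode aggressive
set security ike policy POL-CERT certificate local-certificate branch-cert
set security ike policy POL-NOMODE pre-shared-key ascii-text "CONSTRUCTED-PLACEHOLDER"
set security ike gateway GW-BRANCH ike-policy POL-BRANCH
set security ike gateway GW-HQ ike-policy POL-HQ
set security ike gateway GW-CERT ike-policy POL-CERT
"""

POLICY_RE = re.compile(r"^set security ike policy (\S+) (mode|pre-shared-key|certificate)\b\s*(\S*)")
GATEWAY_RE = re.compile(r"^set security ike gateway (\S+) ike-policy (\S+)")

def audit_ike_modes(config_text):
    """Return [(policy, [gateways])] for aggressive-mode policies without a certificate."""
    policies, gateways = {}, {}
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            name, key, value = m.groups()
            pol = policies.setdefault(name, {"mode": None, "auth": set()})
            if key == "mode":
                pol["mode"] = value      # "main" or "aggressive"
            else:
                pol["auth"].add(key)     # "pre-shared-key" or "certificate"
            continue
        m = GATEWAY_RE.match(line.strip())
        if m:
            gateways.setdefault(m.group(2), []).append(m.group(1))
    # Flag only policies that explicitly set aggressive mode; a policy with
    # no mode statement is not flagged by this check.
    return [(name, sorted(gateways.get(name, [])))
            for name, pol in sorted(policies.items())
            if pol["mode"] == "aggressive" and "certificate" not in pol["auth"]]

if __name__ == "__main__":
    for policy, gws in audit_ike_modes(SAMPLE_CONFIG):
        print(f"{policy}: aggressive mode, no certificate; gateways: {gws}")
```
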