[j-nsp] DMVPN on Juniper

[Dale Shaw]

Hi Masood,

On Tue, Jul 14, 2009 at 9:53 PM, <masood at nexlinx.net.pk> wrote:
> I am not sure if this is right for you :)
>
> http://kb.juniper.net/kb/documents/public/junos_es/JUNOS_ES_Multipoint_VPN_with_NHTB.pdf

Thanks for replying! This configuration seems to create a
hub-and-spoke multipoint VPN. I'm really looking for a solution that
allows direct spoke-to-spoke (full mesh) communication, and ideally,
something that does not require static configuration of anything but
the spoke-to-hub tunnel.

cheers,
Dale


>> [apologies if you receive this on-list twice.]
>>
>> Hi all,
>>
>> Can anyone tell me what the equivalent functionality to DMVPN is in
>> the world of Juniper?
>>
>> I understand there's "ACVPN" available in ScreenOS, but does anyone
>> actually use this? Our local Juniper team didn't give us a warm, fuzzy
>> feeling about this feature.
>>
>> As a side note, is it true that the any-to-any dynamic IPSec
>> functionality that became DMVPN in Cisco world was actually developed
>> by NetScreen prior to being acquired by Juniper? Is it true the
>> functionality hasn't been developed to the same degree it has in IOS?
>>
>> We are looking at a (~60 site) deployment with Juniper CEs, using a
>> service provider's L3VPN product, but CE device selection is proving a
>> challenge -- we'd prefer not to roll out what seems to be a legacy
>> platform in the SSGs, but the functionality apparently isn't there yet
>> in JUNOS. Deploying hub-and-spoke in 2009 seems a bit backwards.
>>
>> If anyone has any anecdotes about ACVPN, or tips on how to achieve a
>> similar configuration using a JUNOS-based device, please chime in! :-)
>> The network will be supporting VoIP traffic, hence the any-to-any
>> connectivity requirement.
>>
>> cheers,
>> Dale