[j-nsp] DMVPN on Juniper

masood at nexlinx.net.pk masood at nexlinx.net.pk
Tue Jul 14 08:46:48 EDT 2009

Hi Dale,

With S2S (spoke 2 spoke) the biggest problem is now how to avoid
static/manual configuration.
What I am thinking is that the NHRP server for the following Hub/Spoke
topology can be used to complete the link between S2S. In this case the HUB
can be used only for queries. Cisco supports it; Juniper ??????


> Hi Masood,
> On Tue, Jul 14, 2009 at 9:53 PM, <masood at nexlinx.net.pk> wrote:
>> I am not sure if this is right for you :)
>> http://kb.juniper.net/kb/documents/public/junos_es/JUNOS_ES_Multipoint_VPN_with_NHTB.pdf
> Thanks for replying! This configuration seems to create a
> hub-and-spoke multipoint VPN. I'm really looking for a solution that
> allows direct spoke-to-spoke (full mesh) communication, and ideally,
> something that does not require static configuration of anything but
> the spoke-to-hub tunnel.
> cheers,
> Dale
>>> [apologies if you receive this on-list twice.]
>>> Hi all,
>>> Can anyone tell me what the equivalent functionality to DMVPN is in
>>> the world of Juniper?
>>> I understand there's "ACVPN" available in ScreenOS, but does anyone
>>> actually use this? Our local Juniper team didn't give us a warm, fuzzy
>>> feeling about this feature.
>>> As a side note, is it true that the any-to-any dynamic IPSec
>>> functionality that became DMVPN in Cisco world was actually developed
>>> by NetScreen prior to being acquired by Juniper? Is it true the
>>> functionality hasn't been developed to the same degree it has in IOS?
>>> We are looking at a (~60 site) deployment with Juniper CEs, using a
>>> service provider's L3VPN product, but CE device selection is proving a
>>> challenge -- we'd prefer not to roll out what seems to be a legacy
>>> platform in the SSGs, but the functionality apparently isn't there yet
>>> in JUNOS. Deploying hub-and-spoke in 2009 seems a bit backwards.
>>> If anyone has any anecdotes about ACVPN, or tips on how to achieve a
>>> similar configuration using a JUNOS-based device, please chime in! :-)
>>> The network will be supporting VoIP traffic, hence the any-to-any
>>> connectivity requirement.
>>> cheers,
>>> Dale
