[j-nsp] DMVPN on Juniper

Derick Winkworth dwinkworth at att.net
Sat Jul 18 15:01:23 EDT 2009


Juniper really doesn't have a JUNOS-based "any-to-any" type encryption solution.

The sad part is that if they supported NHRP and GDOI, then they would have a solution that would be compatible with Cisco... DMVPN is really just GRE w/NHRP and some proprietary hooks into IPSec... take those proprietary hooks out and it's just GRE w/NHRP... now put GDOI on the WAN interface... and you have a far better any-to-any encryption solution.  NO per-tunnel encryption state.  In fact, if you push the next-hop cache down to the spokes, then potentially there is no setup time at all for spoke-to-spoke communication...

You would think that would be a great way of getting an existing Cisco customer to try a Juniper box if they have an any-to-any encryption requirement.  Surely there are lots of these customers since Ethernet WAN and MPLS WAN services are so prolific now...








________________________________
From: Dale Shaw <dale.shaw+j-nsp at gmail.com>
To: David Prall <dcp at dcptech.com>
Cc: juniper-nsp at puck.nether.net
Sent: Friday, July 17, 2009 10:13:54 PM
Subject: Re: [j-nsp] DMVPN on Juniper

Hi David,

On Sat, Jul 18, 2009 at 1:08 PM, David Prall<dcp at dcptech.com> wrote:
> The feature is called Auto Connect VPN
> http://www.juniper.net/solutions/literature/app_note/350126.pdf

Thanks, but as I said in my original post (perhaps not very clearly,
looking back at it now), my preference is for a solution using JUNOS.

Anyway, have you used AC-VPN? And if so, how many sites? Is it
reliable? Any tricks/traps?

cheers,
Dale
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

