[j-nsp] Comparison of Dynamic VPN on SRX vs MAG VPN

Mark Menzies mark at deimark.net
Mon Nov 25 05:28:26 EST 2013


This is a tricky one and really depends on what you want to do with the
users.

If all you need is a L3 VPN that allows a full L3 connection to your
network then dynamic VPN on SRX is attractive.

If you want to offer more options to the user, ie some SSL based portal
access, only encrypt some applications through the SSL tunnel then MAG is
the way to go.

>From experience, the implementation of dynamic VPN on SRX has been
problematic to set up initially but works fine for low number of users (I
am talking of issues on 10.4 onwards for the set up of user profiles - was
a bit untidy).

We also need to take into account how many concurrent users you expect to
see as approaching the max 50 users concurrently is likely to affect
performance slightly. (performance was impacted in 11.x for me at least,
not tested 12.1Xx yet).

I haven't seen any proper comparison between the 2 but as its very
subjective on what you need it for everyone's opinion can change.

The basics that I follow in $DAY_JOB are if all you need is L3 VPN, no
fancy portal or application security then go for dynamic VPN.  IF you need
anything other than L3 and you have more than 50 concurrent users then MAG
is the way.

HTH



On 25 November 2013 10:00, Skeeve Stevens <
skeeve+junipernsp at eintellegonetworks.com> wrote:

> Hey all,
>
> I have a client with simple VPN needs.
>
> The price of the VPN simultaneous users for a MAG is four times the price
> of the simultaneous dynamic VPN users for an SRX.
>
> I am thinking of about 50 users.
>
> Does anyone have a solid comparison between the two.
>
> I do have to land the VPN user into a particular VRF... if that makes a
> difference.
>
> ...Skeeve
>
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
>
> twitter.com/theispguy ; blog: www.theispguy.com
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list