[j-nsp] Comparison of Dynamic VPN on SRX vs MAG VPN

Matt McGuirl matt at mcguirl.net
Mon Nov 25 13:57:22 EST 2013 

You should also consider what sort of devices your end users will be using.
The MAG option can support just about anything. Dynamic VPN is much more
restrictive.

Happy shopping,

Matt


On Mon, Nov 25, 2013 at 5:28 AM, Mark Menzies <mark at deimark.net> wrote:

> This is a tricky one and really depends on what you want to do with the
> users.
>
> If all you need is a L3 VPN that allows a full L3 connection to your
> network then dynamic VPN on SRX is attractive.
>
> If you want to offer more options to the user, ie some SSL based portal
> access, only encrypt some applications through the SSL tunnel then MAG is
> the way to go.
>
> From experience, the implementation of dynamic VPN on SRX has been
> problematic to set up initially but works fine for low number of users (I
> am talking of issues on 10.4 onwards for the set up of user profiles - was
> a bit untidy).
>
> We also need to take into account how many concurrent users you expect to
> see as approaching the max 50 users concurrently is likely to affect
> performance slightly. (performance was impacted in 11.x for me at least,
> not tested 12.1Xx yet).
>
> I haven't seen any proper comparison between the 2 but as its very
> subjective on what you need it for everyone's opinion can change.
>
> The basics that I follow in $DAY_JOB are if all you need is L3 VPN, no
> fancy portal or application security then go for dynamic VPN.  IF you need
> anything other than L3 and you have more than 50 concurrent users then MAG
> is the way.
>
> HTH
>
>
>
> On 25 November 2013 10:00, Skeeve Stevens <
> skeeve+junipernsp at eintellegonetworks.com> wrote:
>
> > Hey all,
> >
> > I have a client with simple VPN needs.
> >
> > The price of the VPN simultaneous users for a MAG is four times the price
> > of the simultaneous dynamic VPN users for an SRX.
> >
> > I am thinking of about 50 users.
> >
> > Does anyone have a solid comparison between the two.
> >
> > I do have to land the VPN user into a particular VRF... if that makes a
> > difference.
> >
> > ...Skeeve
> >
> > *Skeeve Stevens - *eintellego Networks Pty Ltd
> > skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> >
> > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >
> > facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> > linkedin.com/in/skeeve
> >
> > twitter.com/theispguy ; blog: www.theispguy.com
> >
> >
> > The Experts Who The Experts Call
> > Juniper - Cisco - Cloud
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Matt McGuirl
mcguirl at gmail.com
Voice: +1-610-579-3718
Skype: MLMcGuirl

More information about the juniper-nsp mailing list