[j-nsp] vSRX Policy-based VPNs - unsupported platform

Chris Burton chris.burton at speakeasy.net
Fri Jul 15 04:00:35 EDT 2016


Pretty sure policy-based VPN was unsupported for a short period during 
the transition from older code and hardware to the newer, but should be 
back in 15.1X49-D50, though I do not know the version of the current 
trial software available for download.

-C

On 07/15/2016 12:28 AM, Jed Laundry wrote:
> Hi Folks,
>
> I'm looking at converting our aged hardware SRX's onto vSRX, but I
> seem to have hit a big scary warning when staging config for
> policy-based VPNs, see below:
>
> security {
>      policies {
>          from-zone zone-lab to-zone zone-internet {
>              policy policy-test-ipsec {
>                  match {
>                      source-address addr-lab-testbox;
>                      destination-address addr-remote-testbox;
>                      application any;
>                  }
>                  then {
>                      permit {
>                          ##
>                          ## Warning: configuration block ignored:
> unsupported platform (vsrx)
>                          ##
>                          tunnel {
>                              ipsec-vpn vpn-remote;
>                          }
>                      }
>                  }
>
>
> This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I
> haven't bought a licence yet.
>
> I haven't yet been able to test if this does or doesn't work (next
> week), but the warning doesn't look good.
>
> Is anyone else using vSRX with policy-based VPNs?
>
> Is there something fundamental that I've missed, or a configuration
> tweak necessary to convert 12.1 config to 15.1?
>
> Thanks,
> Jed.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>



More information about the juniper-nsp mailing list