[j-nsp] vSRX Policy-based VPNs - unsupported platform
Chris Burton
chris.burton at speakeasy.net
Fri Jul 15 04:00:35 EDT 2016
Pretty sure policy-based VPN was unsupported for a short period during
the transition from older code and hardware to the newer, but should be
back in 15.1X49-D50, though I do not know the version of the current
trial software available for download.
-C
On 07/15/2016 12:28 AM, Jed Laundry wrote:
> Hi Folks,
>
> I'm looking at converting our aged hardware SRX's onto vSRX, but I
> seem to have hit a big scary warning when staging config for
> policy-based VPNs, see below:
>
> security {
> policies {
> from-zone zone-lab to-zone zone-internet {
> policy policy-test-ipsec {
> match {
> source-address addr-lab-testbox;
> destination-address addr-remote-testbox;
> application any;
> }
> then {
> permit {
> ##
> ## Warning: configuration block ignored:
> unsupported platform (vsrx)
> ##
> tunnel {
> ipsec-vpn vpn-remote;
> }
> }
> }
>
>
> This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I
> haven't bought a licence yet.
>
> I haven't yet been able to test if this does or doesn't work (next
> week), but the warning doesn't look good.
>
> Is anyone else using vSRX with policy-based VPNs?
>
> Is there something fundamental that I've missed, or a configuration
> tweak necessary to convert 12.1 config to 15.1?
>
> Thanks,
> Jed.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
More information about the juniper-nsp
mailing list