Are there any debug possibilities for IPsec?
Am 26.07.2008 um 23:06 schrieb GIULIANO (UOL):
Matthias,
JUNOS 9.1R2.1 does not need IPSec VPN License.
It came as a default feature.
There is some configuration example:
http://www.wztech.com.br/config/junos-ipsec-config
For 2320 and 2350 you add the hardware acceleration module:
JXH-HC2-S J2320, J2350 Hardware Crytographic Acceleration Module
I think J-4350 and J-6350 will NOT have any problems with IPSec
processing.
Att,
Giuliano
Hi!
I presume GRE would be less cpu intensive? I think when the link
goes down a somewhat slower interconnectivity would be sufficient.
At the moment we have 100 Mbit links to the internet on both sides,
so it would be great to have that bandwidth also over the tunnel.
As far as I know, these are blank boxes, without additional VPN
licenses, so I presume IPsec would not be the right decision. But
if it is possible to use an IPsec tunnel to build an iBGP session,
I will play with it ;)
Am 26.07.2008 um 20:49 schrieb GIULIANO (UOL):
You can use an IPSec or a GRE Tunnel.
IPSec will work just fine for that.
Hi Mathias,
If your J6350 run JUNOS with enhanced services, you can setup
JSRP (Juniper Network Stateful Redudancy Protocol).
But I'm not really sure if this is the solution you're looking for.
Still a newbie though >.<
Regards,
Stevanus
Matthias Gelbhardt wrote:
Hi!
I am hoping you can give me some tips for implementing this
scenario.
I have two locations each with two J6350 routers. The locations
are connected via a fiber network with each other. On each
location the J's do have at least one eBGP session to different
carriers. The boxes speak iBGP over the fiberlink with each
other. We have split our PA space, so that we can announce
different prefixes on each location. The prefixes which are not
originating on one location will be received through iBGP from
the originating one.
How could I implement a redundant scenario? At first I had
thought about getting the other prefixes via eBGP, but that is
something, which seams to be no "clean" solution. Furthermore
our carriers seam to be not happy with announcing prefixes with
our AS in the path back to us.
The more clean solution could be establishing a tunnel between
the location over the internet and speak iBGP with a low
priority over it. Unfortunatly I am a bit lost, which type of
tunnel I should use for this scenario, as the J's are unable to
implement a L2TP tunnel for example.
Would be great to get an idea and help implementing this!
Regards,
Matthias
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
No virus found in this incoming message.
Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus
Database: 270.5.6/1574 - Release Date: 25/07/2008 16:27
No virus found in this incoming message.
Checked by AVG - http://www.avg.comVersion: 8.0.138 / Virus
Database: 270.5.6/1574 - Release Date: 25/07/2008 16:27
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp