Juniper really doesn't have a JUNOS based "any-to-any" type encryption solution.
The sad part is that if they supported NHRP and GDOI, then they would have a
solution that would be compatible with Cisco DMVPN is really just GRE
w/NHRP and some propriety hooks into IPSec... take those propriety hooks out
and its just GRE w/NHRP... now put GDOI on the WAN interface... and you have a
far better any-to-any encrytion solution. NO per-tunnel encryption state. In
fact, if you push the next-hop cache down to the spokes, then potentially there
is no setup time at all for spoke-to-spoke communication...
You would think that would be a great way of getting an existing Cisco customer
to try a Juniper box if they have an any-to-any encryption requirement. Surely
there are lots of these customers since ethernet WAN and MPLS WAN services are
so prolific now...
From: Dale Shaw
To: David Prall
Cc: juniper-nsp@puck.nether.net
Sent: Friday, July 17, 2009 10:13:54 PM
Subject: Re: [j-nsp] DMVPN on Juniper
Hi David,
On Sat, Jul 18, 2009 at 1:08 PM, David Prall wrote:
> The feature is called Auto Connect VPN
> http://www.juniper.net/solutions/literature/app_note/350126.pdf
Thanks, but as I said in my original post (perhaps not very clearly,
looking back at it now), my preference is for a solution using JUNOS.
Anyway, have you used AC-VPN? and if so, how many sites? Is it
reliable? Any tricks/traps?
cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp