Re: [j-nsp] vSRX Policy-based VPNs - unsupported platform

2016-07-15 Thread Chris Burton 
Pretty sure policy-based VPN was unsupported for a short period during 
the transition from older code and hardware to the newer, but should be 
back in 15.1X49-D50, though I do not know the version of the current 
trial software available for download.


-C

On 07/15/2016 12:28 AM, Jed Laundry wrote:

Hi Folks,

I'm looking at converting our aged hardware SRX's onto vSRX, but I
seem to have hit a big scary warning when staging config for
policy-based VPNs, see below:

security {
 policies {
 from-zone zone-lab to-zone zone-internet {
 policy policy-test-ipsec {
 match {
 source-address addr-lab-testbox;
 destination-address addr-remote-testbox;
 application any;
 }
 then {
 permit {
 ##
 ## Warning: configuration block ignored:
unsupported platform (vsrx)
 ##
 tunnel {
 ipsec-vpn vpn-remote;
 }
 }
 }


This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I
haven't bought a licence yet.

I haven't yet been able to test if this does or doesn't work (next
week), but the warning doesn't look good.

Is anyone else using vSRX with policy-based VPNs?

Is there something fundamental that I've missed, or a configuration
tweak necessary to convert 12.1 config to 15.1?

Thanks,
Jed.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] vSRX Policy-based VPNs - unsupported platform

2016-07-15 Thread Dale Shaw 
Hi Jed,

On 15 July 2016 at 17:28, Jed Laundry  wrote:
>
[...]
> ##
> ## Warning: configuration block ignored:
> unsupported platform (vsrx)
> ##
> tunnel {
> ipsec-vpn vpn-remote;
[...]
>
> This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I
> haven't bought a licence yet.

According to the release notes, policy-based VPN support was
(re-)introduced from 15.1X49-D50.

See:
http://www.juniper.net/techpubs/en_US/junos15.1x49-d50/information-products/topic-collections/release-notes/15.1x49-d50/junos-release-notes-15.1X49-D50.pdf

cheers,
Dale
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] vSRX Policy-based VPNs - unsupported platform

2016-07-15 Thread Jed Laundry 
Hi Folks,

I'm looking at converting our aged hardware SRX's onto vSRX, but I
seem to have hit a big scary warning when staging config for
policy-based VPNs, see below:

security {
policies {
from-zone zone-lab to-zone zone-internet {
policy policy-test-ipsec {
match {
source-address addr-lab-testbox;
destination-address addr-remote-testbox;
application any;
}
then {
permit {
##
## Warning: configuration block ignored:
unsupported platform (vsrx)
##
tunnel {
ipsec-vpn vpn-remote;
}
}
}


This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I
haven't bought a licence yet.

I haven't yet been able to test if this does or doesn't work (next
week), but the warning doesn't look good.

Is anyone else using vSRX with policy-based VPNs?

Is there something fundamental that I've missed, or a configuration
tweak necessary to convert 12.1 config to 15.1?

Thanks,
Jed.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp