Re: [j-nsp] vSRX Policy-based VPNs - unsupported platform
Pretty sure policy-based VPN was unsupported for a short period during the transition from older code and hardware to the newer, but should be back in 15.1X49-D50, though I do not know the version of the current trial software available for download. -C On 07/15/2016 12:28 AM, Jed Laundry wrote: Hi Folks, I'm looking at converting our aged hardware SRX's onto vSRX, but I seem to have hit a big scary warning when staging config for policy-based VPNs, see below: security { policies { from-zone zone-lab to-zone zone-internet { policy policy-test-ipsec { match { source-address addr-lab-testbox; destination-address addr-remote-testbox; application any; } then { permit { ## ## Warning: configuration block ignored: unsupported platform (vsrx) ## tunnel { ipsec-vpn vpn-remote; } } } This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I haven't bought a licence yet. I haven't yet been able to test if this does or doesn't work (next week), but the warning doesn't look good. Is anyone else using vSRX with policy-based VPNs? Is there something fundamental that I've missed, or a configuration tweak necessary to convert 12.1 config to 15.1? Thanks, Jed. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] vSRX Policy-based VPNs - unsupported platform
Hi Jed, On 15 July 2016 at 17:28, Jed Laundrywrote: > [...] > ## > ## Warning: configuration block ignored: > unsupported platform (vsrx) > ## > tunnel { > ipsec-vpn vpn-remote; [...] > > This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I > haven't bought a licence yet. According to the release notes, policy-based VPN support was (re-)introduced from 15.1X49-D50. See: http://www.juniper.net/techpubs/en_US/junos15.1x49-d50/information-products/topic-collections/release-notes/15.1x49-d50/junos-release-notes-15.1X49-D50.pdf cheers, Dale ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] vSRX Policy-based VPNs - unsupported platform
Hi Folks, I'm looking at converting our aged hardware SRX's onto vSRX, but I seem to have hit a big scary warning when staging config for policy-based VPNs, see below: security { policies { from-zone zone-lab to-zone zone-internet { policy policy-test-ipsec { match { source-address addr-lab-testbox; destination-address addr-remote-testbox; application any; } then { permit { ## ## Warning: configuration block ignored: unsupported platform (vsrx) ## tunnel { ipsec-vpn vpn-remote; } } } This is vSRX 15.1X49-D40.6 on VMware. It's just the trial version, I haven't bought a licence yet. I haven't yet been able to test if this does or doesn't work (next week), but the warning doesn't look good. Is anyone else using vSRX with policy-based VPNs? Is there something fundamental that I've missed, or a configuration tweak necessary to convert 12.1 config to 15.1? Thanks, Jed. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp