Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
Each spoke can send and receive VPN traffic to and from the hub, but cannot
communicate directly with other spokes.
Dual Hub and Spoke—You can select a device to act as a backup hub, and enable the
spokes to communicate with each other by making the following settings.
Assign a VPN and gateway. Edit the Topology settings from
>AutoKey IKE VPN >, New or Edit >Topology.
can assign the device to be used as backup, from the drop-down list in the
Hub
field. After selection, the backup hub is added to the General Configuration list.
Edit the vrouter on the spoke device, and assign the ACVPN-Dynamic and NHS IP
Address. You can set these parameters from
VPN > VPN >Device Tunnel Summary >Edit Router >Dynamic Routing Protocol> NHRP
. You cannot make this setting on a hub device. The ACVPN-Dynamic
>Parameters
and the ACVPN-Profile settings are mutually exclusive, so if a device is already set
as a Hub, then you cannot set it as a Spoke or vice versa.
Assign NHRP redistribution rules. You can make this setting from the
>VPNs >AutoKey IKE VPN >VPN >Device Tunnel Summary >Edit Router >Dynamic
Routing Protocol >NHRP >Redistribution Rules.
Add the NHRP option to the OSPF, BGP, and RIP redistribution rules. You can make
these settings from:
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol > OSPF > Redistribution Rules.
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol >BGP > Redistribution Rules.
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol > RIP > Redistribution Rules.
Set the routing on the tunnel interface from "
>VPN > Device Tunnel Summary > Edit Interface > General Properties.
to ACVPN-Dynamic.
NOTE: You can enable the dual hub feature only if the Spoke device runs ScreenOS 6.3
or later. The Hub device could run ScreenOS 6.3 or an older version.
Main and Branch—Main and branch topologies combine the flexibility of hub and spoke
with the redundancy of full mesh. Because you can select multiple mains, each branch
has an alternate tunnel to use if one main fails. To create a main and branch:
Select the devices to act at mains; these devices can communicate with all other
VPN members.
Select remaining devices as branches; these devices communicate with all mains.
Chapter 12: Configuring VPNs
VPN Manager >VPNs
Select
Enable Auto-Connect VPN
VPN Manager > VPNs > AutoKey IKE
VPN Manager
VPN Manager >VPNs >AutoKey IKE VPN
Select
You
Backup
Routing
567
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper 200 Series