Traffic Protection Using Tunneling Protocol In Nsm Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Table 47: VPN Types (continued)

Topology: Hub and Spoke

Description: In a hub and spoke VPN, multiple security devices (spokes) communicate through a central device (the hub).

Advantages—Can connect several devices and users. Hub and spoke VPNs are easy to maintain because you only need to reconfigure the spoke and the hub device, which saves you administration and resource costs. If you have smaller security devices with limited tunnel capacity, you can use hub and spoke VPNs to increase the number of available tunnels.

Disadvantages—The hub is a single point of failure; however, you can use NSRP for redundancy.

A hub acts as a concentrator for the other VPN members, but does not necessarily have resources that are available to other members. In fact, you can specify a security device that is not a VPN member to act as the hub. If you include the hub in the VPN, the hub device can send and receive traffic from all spokes; if you do not include the hub, the hub device routes traffic between spokes.

Use a hub and spoke topology when you want to route VPN traffic through a VPN member that does not contain protected resources. An example is shown below:

Topology: Full Mesh

Description: In a full mesh VPN, all VPN members can communicate with all other VPN members.

Advantages—Because a full mesh configuration uses redundant IPSec tunnels, traffic continues to flow even if a node fails.

Disadvantages—When you add a member to the VPN, you must reconfigure all devices.

Use a full mesh VPN when you need to ensure that every VPN member can communicate with every other VPN member.

Topology: Creating Redundancy

Description: To ensure stable, continuous VPN connection, use redundant gateways to create multiple tunnels between resources. If a tunnel fails, the management system automatically reroutes traffic. Redundant gateways use NSRP to determine the tunnel status.
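The trade-offs in Table 47, modeled as an added example (not from the Juniper guide): this Python sketch builds the tunnel set for each topology, then checks per-device tunnel capacity, which devices must be reconfigured when a member joins, and which member pairs can still communicate after a node fails. The device names and capacities are constructed, and the model assumes spoke-to-spoke traffic always transits the hub.

```python
from itertools import combinations

# Constructed sample inventory: device name -> maximum tunnels it can terminate.
MEMBERS = ["hq", "branch1", "branch2", "branch3", "branch4", "kiosk"]
CAPACITY = {"hq": 10, "branch1": 10, "branch2": 10, "branch3": 10, "branch4": 10, "kiosk": 2}

def tunnels(members, topology, hub=None):
    """Return the set of point-to-point tunnels (unordered pairs) for a topology."""
    if topology == "full-mesh":
        return {frozenset(p) for p in combinations(members, 2)}
    if topology == "hub-and-spoke":
        return {frozenset((hub, m)) for m in members if m != hub}
    raise ValueError(topology)

def over_capacity(tunnel_set, capacity):
    """Devices that terminate more tunnels than their capacity allows."""
    load = {}
    for t in tunnel_set:
        for dev in t:
            load[dev] = load.get(dev, 0) + 1
    return sorted(d for d, n in load.items() if n > capacity[d])

def touched_by_add(members, new, topology, hub=None):
    """Devices that gain a tunnel (need reconfiguring) when `new` joins the VPN."""
    before = tunnels(members, topology, hub)
    after = tunnels(members + [new], topology, hub)
    return sorted(set().union(*(after - before)))

def reachable_pairs(members, tunnel_set, failed, hub=None):
    """Surviving member pairs that can still communicate after `failed` goes down.
    A pair is reachable over a direct tunnel, or over two tunnels via a live hub."""
    alive = [m for m in members if m != failed]
    live = {t for t in tunnel_set if failed not in t}
    ok = set()
    for a, b in combinations(alive, 2):
        direct = frozenset((a, b)) in live
        via_hub = (hub not in (None, failed)
                   and frozenset((a, hub)) in live and frozenset((b, hub)) in live)
        if direct or via_hub:
            ok.add(frozenset((a, b)))
    return ok

if __name__ == "__main__":
    mesh = tunnels(MEMBERS, "full-mesh")
    star = tunnels(MEMBERS, "hub-and-spoke", hub="hq")
    print("tunnels: mesh", len(mesh), "hub-and-spoke", len(star))
    print("over capacity in mesh:", over_capacity(mesh, CAPACITY))
    print("reconfigure on join (mesh):", touched_by_add(MEMBERS, "branch5", "full-mesh"))
    print("pairs left after hub failure:", len(reachable_pairs(MEMBERS, star, "hq", hub="hq")))
```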
Related Documentation

- Traffic Protection Using Tunneling Protocol in NSM Overview on page 202
- Traffic Protection Using IPsec Tunneling Protocol Overview on page 203
- Planning Your VPN Using NSM Overview on page 198

Traffic Protection Using Tunneling Protocol in NSM Overview

To protect traffic as it passes over the Internet, you can create a secure tunnel between
devices using a tunneling protocol. Each device in the VPN uses the tunneling protocol
to establish a secure data path, enabling traffic between the devices to flow securely
from source to destination. NSM provides two tunneling protocols: IPsec and L2TP.

Related Documentation

- Traffic Protection Using IPsec Tunneling Protocol Overview on page 203
- Traffic Protection Using L2TP Tunneling Protocol Overview on page 205
- Defining Members and Topology in NSM on page 207

Copyright © 2010, Juniper Networks, Inc.
