Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
If do not select a VPN member as the VPN hub, the hub routes VPN traffic from one
branch to another.
If you do select a VPN member as the VPN hub, the hub routes VPN traffic from itself
and all connected branches.
Each spoke can send and receive VPN traffic to and from the hub, but cannot
communicate directly with other spokes.
Dual Hub and Spoke—You can select a device to act as a backup hub, and enable the
spokes to communicate with each other by making the following settings.
Assign a VPN and gateway. Edit the Topology settings from
>AutoKey IKE VPN >, New or Edit >Topology.
can assign the device to be used as backup, from the drop-down list in the
field. After selection, the backup hub is added to the General Configuration list.
Hub
Edit the vrouter on the spoke device, and assign the ACVPN-Dynamic and NHS IP
Address. You can set these parameters from
VPN > VPN >Device Tunnel Summary >Edit Router >Dynamic Routing Protocol> NHRP
>Parameters
. You cannot make this setting on a hub device. The ACVPN-Dynamic
and the ACVPN-Profile settings are mutually exclusive, so if a device is already set
as a Hub, then you cannot set it as a Spoke or vice versa.
Assign NHRP redistribution rules. You can make this setting from the
>VPNs >AutoKey IKE VPN >VPN >Device Tunnel Summary >Edit Router >Dynamic
Routing Protocol >NHRP >Redistribution Rules.
Add the NHRP option to the OSPF, BGP, and RIP redistribution rules. You can make
these settings from:
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol > OSPF > Redistribution Rules.
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol >BGP > Redistribution Rules.
VPN Manager > VPNs > AutoKey IKE VPN > VPN > Device Tunnel Summary > Edit
Router > Dynamic Routing Protocol > RIP > Redistribution Rules.
Set the routing on the tunnel interface from "
>VPN > Device Tunnel Summary > Edit Interface > General Properties.
to ACVPN-Dynamic.
NOTE: You can enable the dual hub feature only if the Spoke device runs
ScreenOS 6.3 or later. The Hub device could run ScreenOS 6.3 or an older
version.
Main and Branch—Main and branch topologies combine the flexibility of hub and spoke
with the redundancy of full mesh. Because you can select multiple mains, each branch
has an alternate tunnel to use if one main fails. To create a main and branch:
Chapter 12: Configuring VPNs
VPN Manager >VPNs
Select
Enable Auto-Connect VPN
VPN Manager > VPNs > AutoKey IKE
VPN Manager
VPN Manager >VPNs >AutoKey IKE VPN
Select
You
Backup
Routing
575
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008