JNCIE-SEC – Clay Haynes

Traffic Selectors on a Route-based VPN

Posted on 23/04/201913/04/2021 by Clay Haynes in IPSEC, SRX

This is an extremely long-overdue post, but I wanted to add a follow-up to the old blogpost Route-based VPN with Multiple Source/Destination Networks to a 3rd Party Device. While the previous method still works, it still had some drawbacks:

It required the use of ephemeral IP address, which can be a waste of IP space
It only worked if there was one destination network, as Next-Hop Tunnel Bindings (NHTBs) did not address which source network traffic came from

Traffic selectors were introduced as feature starting in Junos 12.1X46-D10 (SRX200, SRX1400, and SRX3k series) and Junos 17.3R1 (SRX300, SRX1500, SRX4k, and SRX5k series) for IKEv1. IKEv2 support was added in Junos 15.1X49-D100, meaning this is only available for the SRX300, SRX1500, SRX4k, and SRX5k series.

(more…)

SRX – Configuring a DHCP Server

Posted on 18/08/201409/04/2020 by Clay Haynes in Uncategorized

It’s been a while since I wrote up a new post, so I thought I would come back with a nice post about the changes in configuring DHCP Servers on the SRX’s. Since Junos 12.x a new DHCP process came out to help fix some long standing issues with the existing feature. In this post I will discuss the old configuration, some of the problems I would regularly encounter, and the configuration of the new DHCP process.

(more…)

Packet Mode and Selective Packet Services

Posted on 22/04/201409/04/2020 by Clay Haynes in Routing, SRX

Packet mode enables a SRX firewall to act strictly as a router, forwarding packets from a source to a destination without tracking sessions. This is useful for an engineer in certain situations such as high throughput applications that do not need full firewall functionality, or asymmetric traffic flows. We can also enable this mode on interesting traffic which is called Selective Packet Services. More details on Selective Packet Services is available on the following PDF as well as the rest of this post.

(more…)

Route-based VPN with Multiple Source/Destination Networks to a 3rd Party Device

Posted on 22/04/201409/04/2020 by Clay Haynes in IPSEC, SRX

I have seen this question several times on the Juniper Forums, so I decided to post a quick write up on how to build a route-based VPN to a 3rd party device, such as a Cisco ASA, with multiple subnets on each side. The answer is more straightforward than you think.

(more…)

Studying for JNCIE-SEC Exam

Posted on 22/04/201413/04/2021 by Clay Haynes in Certification, SRX

Many people have now asked me for advice on how to pass the JNCIE-SEC Exam, which is a great thing as it seems many people are working towards achieving the next level in their certification journey. This post will cover:

Exam Objectives
Studying Materials
Additional Advice

In later posts I will discuss specific methods/techniques from those objectives.

(more…)

Clay Haynes

NetSec and More

Tag: JNCIE-SEC

Traffic Selectors on a Route-based VPN

SRX – Configuring a DHCP Server

Packet Mode and Selective Packet Services

Route-based VPN with Multiple Source/Destination Networks to a 3rd Party Device

Studying for JNCIE-SEC Exam

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: