This is an extremely long-overdue post, but I wanted to add a follow-up to the old blog post "Route-based VPN with Multiple Source/Destination Networks to a 3rd Party Device". While the previous method still works, it has some drawbacks:
- It required the use of ephemeral IP addresses, which can be a waste of IP space
- It only worked if there was one destination network, as Next-Hop Tunnel Bindings (NHTBs) did not address which source network traffic came from
Traffic selectors were introduced as a feature starting in Junos 12.1X46-D10 (SRX200, SRX1400, and SRX3k series) and Junos 17.3R1 (SRX300, SRX1500, SRX4k, and SRX5k series) for IKEv1. IKEv2 support was added in Junos 15.1X49-D100, meaning this is only available for the SRX300, SRX1500, SRX4k, and SRX5k series.
It’s been a while since I wrote up a new post, so I thought I would come back with a nice post about the changes in configuring DHCP servers on the SRXs. Since Junos 12.x, a new DHCP process has been available to help fix some long-standing issues with the existing feature. In this post I will discuss the old configuration, some of the problems I would regularly encounter, and the configuration of the new DHCP process.
Packet mode enables an SRX firewall to act strictly as a router, forwarding packets from a source to a destination without tracking sessions. This is useful for an engineer in certain situations, such as high-throughput applications that do not need full firewall functionality, or asymmetric traffic flows. We can also enable this mode only on interesting traffic, which is called Selective Packet Services. More details on Selective Packet Services are available in the following PDF as well as the rest of this post.
I have seen this question several times on the Juniper Forums, so I decided to post a quick write-up on how to build a route-based VPN to a 3rd party device, such as a Cisco ASA, with multiple subnets on each side. The answer is more straightforward than you think.
Many people have now asked me for advice on how to pass the JNCIE-SEC Exam, which is a great thing, as it seems many people are working towards achieving the next level in their certification journey. This post will cover:
- Exam Objectives
- Studying Materials
- Additional Advice
In later posts I will discuss specific methods/techniques from those objectives.