Using the AutoDiscovery VPN protocol is a new and different approach to solving real-world IPsec encryption problems. Get ahead of the curve and into the lab with this workbook full of overviews, configurations, and troubleshooting samples.
Neither the fully-meshed nor hub-and-spoke approaches to IPsec VPNs are optimal for modern network deployments where customers demand both the ease of provisioning encrypted overlay security services and the optimum flow of traffic to minimize application traffic latency. What is needed is an approach that takes the simplified provisioning of hub-and-spoke with the low application latency of fully-meshed.
Spokes should have the capability to temporary build tunnels between each other on an on-demand basis to create the most efficient forwarding path, so if a particular flow is required, the spokes build dynamic tunnels between themselves for that communication and then clear the tunnel when idle. In this way the fully-meshed approach is available to the network without the overhead of configuring all the necessary communication paths. The hub takes care of the task of identifying whether dynamic connections are required. The SRX Series employs a feature called AutoVPN to deliver this capability, which has been shipping since Junos 12.1X44. Now AutoVPN deployments can use the Auto Discovery VPN (ADVPN) protocol to dynamically establish spoke-to-spoke VPN tunnels.
This Day One book will tell you why and show you how, while providing sample implementations to investigate in your lab.
IT’S DAY ONE AND YOU HAVE A JOB TO DO, SO LEARN HOW TO:
• Gain an appreciation of the main issues surrounding the integration of encryption technology into networking products.
• Understand the need for a standards-based approach to solving network integration issues.
• Understand Juniper’s AutoDiscovery VPN (ADVPN) solution.
• Learn how to incorporate the ADVPN feature into a design.
• Explore the detailed steps required to implement and tune ADVPN in your network.
• Take architectural blueprint designs as a base template to be tailored for your specific scenario.
