Friday, November 22, 2013

Juniper SRX Dual-ISP w/redundant VPNs by Example

Preface: I created this for the poor souls out there who purchased a Juniper SRX and realized how utterly complicated and how miserable the documentation is for configuring these firewalls. I would never recommend purchasing these... there are easier and far more stable firewalls out there that can do the same thing as these horrible devices. Now for those who are stuck with them and need a quick guide on how to get these muthers working, read on.

Please be aware that I whipped this up rather quickly, so I'm sure there are some errors here and there. I'll update it as necessary. Also, if there are better ways to configure this or more optimized methods, please don't hesitate to comment!

Moving on... here's a summary of each site:


Site A: 2x SRX 220s running in a cluster with a dual-ISP setup. It is also running an SMTP server that is accessible on both the primary and secondary ISPs. It has IP monitoring, so if the primary or backup ISP goes down, traffic is rerouted automatically.

Site B: A single SRX w/IDP running.

Between the sites, VPN connections are set up over every ISP. OSPF is running for redundancy and to take care of all the static routes. All SRXs are running 11.4 or later.






Configs