Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

Re: SRX340 - Prioritize VPN traffic

$
0
0
Hi Alex, Are both VPN peers SRX devices? I'm confirming the possibility of using this feature: https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-based-ipsec-vpns-with-multiple-ipsec-sa.htmlhttps://www.juniper.net/documentation/en_US/junos/topics/concept/traffic-selectors-and-cos-based-ipsec-vpns.htmlhttps://www.juniper.net/documentation/en_US/junos/topics/example/cos-based-ipsec-vpns-configuring.html#jd0e20 (on this example the configuration is applied on Sunnyvale SRX and the picture of the topology doesn't match with the configuration so don't get confused; I have already submitted the feedback) Basically with the above feature the SRX will create one SA per Forwarding-Class(FC). Its like mapping a FC to a queue but in this case to a SA. This way you can prioritize traffic being sent via a specific FC-to-SA. Also note that if your inner-packets are coming to the SRX already tagged (lets say DSCP tagging), the SRX will copy those tags to the outer-packet (the already encrypted packet) being sent.

Viewing all articles
Browse latest Browse all 17645

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>