FW/IPSec VPN Buyer’s Guide

Supports different VPN

 

 

 

deployment modes:

 

 

 

Rule-based/Policy-based

Yes

 

 

Route-based

Yes

 

 

Dynamic Route-based (Best

Yes

 

 

Path)

 

 

 

Support multiple VPN

 

 

For rule-based or policy-

gateways to enable VPN to

Yes

 

based VPNs

persist in the event of a failure

 

 

 

Supports multiple tunnels,

 

 

Note: rule-based or policy-

running the same services,

Yes

 

based VPNs cannot do this,

between VPN gateways

 

 

only route-based and

 

 

 

dynamic route-based VPNs

Supports fail-over between

 

 

For route-based VPNs, can

tunnels based on alternate

Yes

 

take up to a minute for fail-

static routes defined in the

 

 

over

route table

 

 

 

Supports fail-over between

 

 

For dynamic route-based

redundant tunnels using

Yes

 

VPNs, can take up to a

dynamic routing

 

 

minute for fail-over

 

Yes, custom VPN

 

 

Supports fail-over between

Path Monitor-

 

 

redundant tunnels using

configurable interval

 

 

another mechanism

to allow fail-over in

 

 

 

seconds

 

 

R-associate VPN with another

 

 

 

tunnel without having to

Yes, Security

 

 

renegotiate the encryption

Association mirroring

 

 

keys

mechanism

 

 

Copyright © 2004, Juniper Networks, Inc.

14

Page 13 Page 15
Page 14
Image 14
Juniper Networks 710008-001 manual Yes, custom VPN
Page 13 Page 15
Top Page Image Contents