High Availability
-
Dynamic routing protocol support for IPsec VPN in Multinode High Availability (SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos OS Release 23.2R1, you can enable dynamic routing protocols for IPsec VPN in a Multinode High Availability setup by configuring
node-local
tunnels.To configure node-local tunnels, you must specify the
set security ike gateway <name> node-local
statement in the IKE gateway configuration on both the SRX Series Firewalls in a Multinode High Availability setup.With dynamic routing protocols, you can add and remove IP prefixes in the network and automatically redistribute the prefixes to the network peers without changing the traffic selector configuration.