Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

(This draft is obsolete, due to we drop the support for Remote Access VPN on SRX)



Document History


Feature Specifications

  • The feature would add Remote Access VPN support for SRX.
  • SRX must servicing as Firewall service provider and VPN service provider.
  • SRX should running with JunOS 10.4r1 or above.
  • The feature is implemented using Dynamic-VPN technology of Juniper(refer to, so
    • It would only support Juniper property VPN client(which can be downloaded from SRX directly)
    • It would only support Windows XP, Vista or Windows 7
    • Other limitation of Juniper Dynamic-VPN on SRX including you may need to buy license from Juniper for more than 2 concurrent users.

Use cases

  1. User acquire a new public IP, in a network that SRX servicing
  2. User enable Remote Access VPN on the IP.
  3. User add VPN user to it.
    1. The VPN user name would be in xxx@IP-String, which IP-String=IP.replace(".", "-")
      1. e.g. alice@10-223-69-19
    2. Because there is only one SRX handled all the VPN users, we need this way to distinguish different user for different guest networks. 
  4. VPN user open web browser in Windows, visit the SRX's public IP(which is used as the source nat ip usually), get the client and configuration.
  5. VPN user connected to the network using above username and specified password. And it's done.

Architecture and Design description

  • The whole process maybe sightly different from VPN in VR case, since SRX would take care of all the configurations.LiLi



Web Services APIs

Reused the same API for Remote Access VPN on VR.

UI flow

  • either demonstrate it visually here or link to relevant mockups


Appendix A:

Appendix B: