Hi Scott,

We chose the Juniper solution but I’m still waiting for the Juniper SRX650s to arrive. I have 3 SRX210Hs on the shelf but haven’t had the time to open the box forget starting to actually configure the equipment.

Unless someone else comments (not a really big SRX following here just yet – soon hopefully) I’ll try to open the box next week and post you my configuration settings. One of our tasks is to document the configuration and test interoperability between the two solutions so as we migrate we don’t have to change out both ends at the same time.

You might also want to check out Juniper’s website. I’ve heard that there’s some great information on there including some free web-based eLearning seminars on using JUNOS.

I’ll let you know what I find.

Cheers!

I’ve been playing around with an SRX210 box this box, I too need to replace some aging CES1100 units and thought that an SRX might do the trick.

I haven’t been too impressed with the slow GUI and the learning curve on JunOS, however I think I’ve got it.

I’m trying to configure my 210 to create a tunnel back to my CES 1750’s … no luck so far. Do you have experience creating an ABOT with a Juniper and a Nortel?

Thanks

Scott

The biggest concern we had was the speed (or lack thereof) in the web GUI. It was painfully and agonizingly slow trying to-do the most basic operations. Thankfully Juniper has acknowledged that issue and we were able to test a beta release of JUNOS on the SRX210 where the web GUI was much more responsive than previously (I’ll take a command line interface anyday over a GUI – but JUNOS is going to take sometime to learn).

I found the juniper folks to be very aggressive with their pricing when they heard I was also looking at the Cisco ASA product.

I’ll try to post some notes once we get going.

Cheers!

Thanks for the reply.

Hi Kyle,

The Nortel VPN Router (formerly the Contivity Extranet Gateway) was born out of the Bay Networks acquisition of New Oak Communications back in January 1998. It was an awesome killer product at the time and no one had anything that could stand up to it. That was a long time ago and the times have changed.

We’re now doing the majority of our end user VPN connections on a pair of Juniper Secure Access 4000 appliances providing true client-less SSL VPN. We’re also using Juniper’s Network Connect client to provide IPSec like VPN over SSL. We’ve found the Network Connect client to be much more forgiving and tolerant to various network variables (wireless was a big variable). The Network Connect client is also able to negotiate a connection over HTTPS/SSL in environments where IPSec is not possible and/or allowed.

So we were looking for a solution that would provide for traditional branch office VPN tunnels. It needed to be flexible and compatibly with the large majority of devices already in use. Looking at our existing configuration the prominent device in use by our vendors and business partners was Juniper so it only made sense to start our search there. There was a lot of positive feedback on the Internet and in reviews about the Juniper SRX product line.

I believe we’ve settled on the Juniper SRX650 although I have yet to write the purchase order. We’ll likely be deploying the SRX210H at our branch office sites to replace the EoL Nortel VPN Router 1010.

I’ll probably post some thoughts once we start moving forward with the project.

Cheers!

Great blog by the way…