Dynamic VPN
SRX100, SRX210, and SRX240 devices have the following limitations:
■ The IKE configuration for the dynamic VPN client does not support the
hexadecimal preshared key.
■ The dynamic VPN client IPsec does not support the Authentication Header (AH)
protocol and the Encapsulating Security Payload (ESP) protocol with NULL
authentication.
■ When you log in through the Web browser (instead of logging in through the
dynamic VPN client) and a new client is available, you are prompted for a client
upgrade even if the force-upgrade option is configured. Conversely, if you log in
using the dynamic VPN client with the force-upgrade option configured, the client
upgrade occurs automatically (without a prompt).
Flow and Processing
■ Maximum concurrent SSH, Telnet, and Web sessions—On SRX210, SRX240,
and SRX650 devices, the maximum number of concurrent sessions is as follows:
SRX650SRX240SRX210Sessions
553
ssh
553
telnet
553
Web
NOTE: These defaults are provided for performance reasons.
■ On SRX210 and SRX240 devices, for optimized efficiency, we recommend that
you limit use of CLI and J-Web to the following numbers of sessions:
ConsoleJ-WebCLIDevice
133SRX210
155SRX240
■ On SRX100 devices, Layer 3 control protocols (OSPF, using multicast destination
MAC address) on the VLAN Layer 3 interface work only with access ports.
■ On SRX210, SRX240, and J Series devices, broadcast TFTP is not supported
when flow is enabled on the device.
134 ■ Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
JUNOS 10.1 Software Release Notes
To Next Page
Loading...
Need help?
General
