andkorn.org

a fine line between curiosity and madness.

Juniper SRX to Cisco Policy-Based IPsec VPN

If you have ever configured an IPsec VPN between a Cisco and a Juniper SRX you know it can be difficult. Actually, if you ever configured an IPsec VPN in general you know it can be a royal pain in the keester.

In any case, when you configure a Policy-Based IPsec VPN between Juniper and Cisco ISR routers, with more than one network on each side, you will find you will need an extraordinary number of policies on the SRX in order to play nice with the Cisco. If the networks allow, use IP Address Aggregation. Doing this on both sides will greatly simplify your config. In some (most?) cases you will not be this lucky.

Stock Config of Juniper SRX240

This is the stock config (out of the box) of a Juniper SRX240. When clustering two SRX240s, you have to delete the ENTIRE config before issuing any cluster commands. After this you can go ahead and reconfigure the SRX240s as you like. I hope the below is of some use to someone.

Stacking Brocade ICX6610-48 Switches

I’m happy to say I’m stacking more switches now, and this time they are Brocade units and not HP (H3C). Luckily Brocade switches are easier to stack and also offer much better performance. Here we go!

Rebuilding a Linux Software RAID With Mdadm

First off, let me say that no one in their right mind should ever use a software RAID. Never! At least not in a production environment. You can do it at home all you want or if you really hate yourself and want to support this stuff yourself and deal with the headaches. In a real environment, if you have a need for RAID, pony up the money and get a real hardware RAID controller. Like I like to say, if you want to play with the big boys you need big-boy toys.

T1 Crossover Cable

Recently I had to create a T1 crossover cable in order to connect two Juniper SRX240s in the lab. A T1 crossover cable is different than an Ethernet crossover cable (but a regular Ethernet cable can be used for T1 because both are straight-through).

IRF Stacking With HP Networking/H3C Switches A5120-48G

My Setup

  • 3x HP A5120-48G EI Switch with 2 Interface Slots (Note that these are from the H3C product lineup)
  • 3x HP CX4 interface cards, plugged into MOD1 slot in each switch

CX4 cards are connected in a ring topology (do not connect until you preconfigure):

  • Switch 1 connector 1 -> Switch 2 connector 2
  • Switch 2 connector 1 -> Switch 3 connector 2
  • Switch 3 connector 1 -> Switch 1 connector 2