Is it possible to create a tunnel between a Juniper SA400 and an SRX Firewall that are a few hops away from each other within the Enterprise? Thanks.
Can you please describe what you'd like to use within the tunnel?
SRX can't do ssl tunnels afaik, and vpn ssl can't set up ipsec tunnels.
I would like to have a secure link between the two devices.
I suppose I could extend the L2 VLAN from the SSL VPN interface terminated on the SRX interface, but isn't it more secure if we can encrypt the packets between the two devices?
When a remote user from the internet connects to the SSL VPN, the communication between the remote user and the SSL VPN is encrypted (SSL tunnel). Furthermore, the remote user connects to the server behind the SRX. The packets leaving the SSL VPN for the servers behind the SRX are unencrypted, aren't they? How would one secure the interface between the SSL VPN appliance and the SRX, so that we have an end-to-end encrypted tunnel between the remote users and the servers behind the SRX firewall?
As @supsec said, the IVE does not do tunneling/VPN connections itself for the servers it connects to.
The packets between the SRX & SA are not necessarily unencrypted; it depends on the type of server/access you are connecting to on the other side of the SRX (HTTP won't be but HTTPS will be).
Unfortunately, this particular client/server application does not yet encrypt its communication, therefore I have to find a way to compensate for it. I was hoping that I could create a tunnel from/to the IVE to/from the SRX or vice versa.
If anyone knows the workaround, please post it in this forum.
Can you please describe the topology a little bit more, as you mentioned both the SRX and SA are in the enterprise.
In other words: where is the server, where are the clients, where are the SA and SRX, will the application require any interactive user connection, or is it for scripting?