Juniper Policy VPN Question

We have 20 or so VPNs that I have been configuring on our SSG 140 this morning.

I have set these up as policy-based VPNs, however halfway through doing so I realised that my Policy list is pretty 'busy'.

Is having a separate policy for each VPN tunnel going to affect performance or is it going to be negligible? Is the VPN connection at the bottom of the policy going to be experiencing slightly slower speeds?

Just want to make sure if this is going to be efficient or if I should do it another way

Thanks
 
sorry i didn't see this sooner.

i think it's going to be a prerequisite that you have a policy for each vpn (assuming you want to actually get traffic across it of course...!!!), since it's only within the policy configuration itself where you opt to tunnel the traffic into the vpn.

bear in mind that rules will also be duplicated in the other direction, assuming you need bi-directional traffic across the vpn.

obviously the ruleset is top-down in terms of order, so you just need to be careful with the placement of deny rules, but i can't really see the placement of these vpn rules having much of an issue in terms of performance.

how many networks are you connecting to via vpn, and what are the requirements in terms of traffic direction?

edit: hit me on msn sometime if you like, address in trust.
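
Added example, not part of either post and not Juniper code: a small audit of an ordered policy list for the two points raised in the reply above, a tunnel policy that an earlier rule fully covers under top-down first-match, and a tunnel policy with no mirrored rule for the return direction. The `Policy` model, zone names, networks and VPN names are constructed for illustration, and every rule is assumed to use service ANY.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Policy:
    pid: int
    from_zone: str
    to_zone: str
    src: str            # source network, CIDR
    dst: str            # destination network, CIDR
    action: str         # "permit", "deny" or "tunnel"
    vpn: str = ""       # VPN name, only for action == "tunnel"


def covers(outer, inner):
    """True if every packet `inner` matches is also matched by `outer`
    (services are not modelled: all rules are assumed to be ANY)."""
    return (outer.from_zone == inner.from_zone
            and outer.to_zone == inner.to_zone
            and ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst)))


def shadowed_tunnels(policies):
    """(tunnel_id, blocker_id) for tunnel policies that an earlier policy
    fully covers, so top-down first-match evaluation never reaches them."""
    hits = []
    for i, p in enumerate(policies):
        if p.action == "tunnel":
            blocker = next((e for e in policies[:i] if covers(e, p)), None)
            if blocker is not None:
                hits.append((p.pid, blocker.pid))
    return hits


def missing_reverse(policies):
    """Ids of tunnel policies with no mirrored policy for the same VPN."""
    tunnels = [p for p in policies if p.action == "tunnel"]
    keys = {(p.vpn, p.from_zone, p.to_zone, p.src, p.dst) for p in tunnels}
    return [p.pid for p in tunnels
            if (p.vpn, p.to_zone, p.from_zone, p.dst, p.src) not in keys]


# Constructed sample: policy 3 is a broad deny placed above site-b's tunnel.
SAMPLE = [
    Policy(1, "Trust", "Untrust", "10.0.0.0/24", "10.1.0.0/24", "tunnel", "site-a"),
    Policy(2, "Untrust", "Trust", "10.1.0.0/24", "10.0.0.0/24", "tunnel", "site-a"),
    Policy(3, "Trust", "Untrust", "10.0.0.0/24", "10.0.0.0/8", "deny"),
    Policy(4, "Trust", "Untrust", "10.0.0.0/24", "10.2.0.0/24", "tunnel", "site-b"),
]
```

On the sample, the site-b tunnel (policy 4) is reported both as shadowed by the deny above it and as lacking a return-direction policy.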
 