AutoVPN spokes

AutoVPN allows network administrators to configure the hub in a hub-and-spoke IPsec VPN topology for current and future client device connections. No configuration changes are required on the hub when spoke devices are added or deleted, thus allowing administrators flexibility in managing large-scale network deployments. AutoVPN is supported on route-based IPsec VPNs. AutoVPN traffic must be IPv4. Dynamic routing protocols are supported to forward packets through the VPN tunnels. The supported authentication for AutoVPN hubs and spokes is X.509 public key infrastructure (PKI) certificates. The group IKE user type configured on the hub allows strings to be specified to match the alternate subject field in spoke certificates. Partial matches for the subject fields in spoke certificates can also be specified. AutoVPN is configured and managed on SRX Series devices using the CLI. Multiple AutoVPN hubs can be configured on a single SRX Series device. The maximum number of spokes supported by a configured hub is specific to the model of the SRX Series device. AutoVPN supports VPN monitoring and dead peer detection.