HomeНаука и техникаRelated VideosMore From: JuniperNetworks

Configuring Route-Based Site-to-Site IPSec VPN on the SRX

200 ratings | 40647 views
The Configuring Route-Based Site-to-Site IPsec VPN on the SRX Series Learning Byte discusses the configuration of a secure VPN tunnel between two Juniper Networks SRX-series devices. The concept of route-based VPN is briefly discussed and the commands needed to configure and monitor the VPN are shown. This Learning Byte is appropriate for beginner to intermediate level engineers who want to start configuring IPsec VPNs on their SRX devices. Presenter: Petr Klimai, Juniper Ambassador, JNCI Relevant to Junos OS Releases: All Junos releases Relevant to Juniper Platforms: SRX Series
Html code for embedding videos on your blog
Text Comments (18)
Dennis Reyes (1 month ago)
Excellent Tutorial! Very Straight forward and well explained
saleh rafiee (5 months ago)
can you please send the script commands?
Mr JAZ (9 months ago)
Very useful in helping me get our VPN configured. Thanks for sharing your knowledge!
Fabio Marino (1 year ago)
Simply perfect
Adam Jeo (1 year ago)
Clear all explanation good video for learning VPNs setting people helpful Video.. http://recommendedvpn.com/
Justin Walsh (1 year ago)
excellent very good explanation
iMPRE7ed (1 year ago)
I had a great challenge setting up GRE over IPSec between SRX and Cisco and SRX and Fortigate in my days, such a pain when you just know few things about IPSec or firewall on Juniper, lol. Oh, and not to mention a freaking D-link. Just needed to get OSPF and other things working over it properly. Would be interesting to hear about those all parameters additionally, or how to get a gre tunnel over that as well, though :) For IPSec recap - Thanks Petr, that's really well explained.
aungbo bo (1 year ago)
Very nice and clear explanation. Thanks
ibobsie (2 years ago)
what an absolutely fantastic tutorial.....this is amazing...something i found totally mind blowing is now graspable. thank you so much
Reynaldo Silva (2 years ago)
Great tutorial sir! Could you share this txt configuration? I would like to try it in my lab Best Regards!
Levan (3 months ago)
SRXA set security ike proposal IKE-PROP lifetime-seconds 3600 set security ike proposal IKE-PROP authentication-method pre-shared-keys set security ike proposal IKE-PROP authentication-algorithm sha1 set security ike proposal IKE-PROP encryption-algorithm aes-128-cbc set security ike proposal IKE-PROP dh-group group5 set security ike policy IKE-POL proposals IKE-PROP set security ike policy IKE-POL mode main set security ike policy IKE-POL pre-shared-key ascii-text juniper set security ike gateway IKE-GW ike-policy IKE-POL set security ike gateway IKE-GW address xx.xx.xx.xx set security ike gateway IKE-GW external-interface ge-0/0/0.0 set security zone security-zone Internet host-inbound-traffic system-services ike set routing-options static route 192.168.2.0/24 next-hop st0.1 set security policies from-zone Internal to-zone VPN policy Internal-to-VPN match source-address Network-A destination-address Network-B application any set security policies from-zone Internal to-zone VPN policy Internal-to-VPN then permit set security policies from-zone VPN to-zone Internal policy VPN-to-Internal match source-address Network-B destination-address Network-A application any set security policies from-zone VPN to-zone Internal policy VPN-to-Internal then permit --same on both -- set security ipsec proposal IPSEC-PROP lifetime-seconds 3600 set security ipsec proposal IPSEC-PROP protocol esp set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha1-96 set security ipsec proposal IPSEC-PROP encryption-algorithm aes-128-cbc set security ipsec policy IPSEC-POL propsals IPSEC-PROP set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group5 set security ipsec vpn IPSEC-VPN ike gateway IKE-GW set security ipsec vpn IPSEC-VPN ike ipsec-policy IPSEC-POL set security ipsec vpn IPSEC-VPN vpn-monitor set security ipsec vpn IPSEC-VPN establish-tunnels immediately set security ipsec vpn IPSEC-VPN bind-interface st0.1 set interfaces st0 unit 1 family inet set security zones security-zone VPN interfaces st0.1 set security address-book global address Network-A 192.168.1.0/24 set security address-book global address Network-B 192.168.2.0/24 --- SRXB set security ike proposal IKE-PROP lifetime-seconds 3600 set security ike proposal IKE-PROP authentication-method pre-shared-keys set security ike proposal IKE-PROP authentication-algorithm sha1 set security ike proposal IKE-PROP encryption-algorithm aes-128-cbc set security ike proposal IKE-PROP dh-group group5 set security ike policy IKE-POL proposals IKE-PROP set security ike policy IKE-POL mode main set security ike policy IKE-POL pre-shared-key ascii-text juniper set security ike gateway IKE-GW ike-policy IKE-POL set security ike gateway IKE-GW address xx.xx.xx.xx set security ike gateway IKE-GW external-interface ge-0/0/0.0 set security zone security-zone Internet host-inbound-traffic system-services ike set routing-options static route 192.168.1.0/24 next-hop st0.1 set security policies from-zone Internal to-zone VPN policy Internal-to-VPN match source-address Network-B destination-address Network-A application any set security policies from-zone Internal to-zone VPN policy Internal-to-VPN then permit set security policies from-zone VPN to-zone Internal policy VPN-to-Internal match source-address Network-A destination-address Network-B application any set security policies from-zone VPN to-zone Internal policy VPN-to-Internal then permit
Bedevere Curry (3 years ago)
amazing job
Jaroslaw Wojtow (3 years ago)
Thanks. Very good work
Suresh Kumar (3 years ago)
Thank you very much.!
Amjad Abuaysheh (3 years ago)
Very clear . Thanks you sir!
Naresh Medaram (3 years ago)
Ultimate sir.......nice and clear explanation
Michael Falzon (3 years ago)
great tutorial but pfsense is better
Michael Ndlovu (3 years ago)
great tutorial, thank you sir

Would you like to comment?

Join YouTube for a free account, or sign in if you are already a member.