IPsec Juniper: Difference between revisions

From AAISP Support Site
Latest revision as of 23:59, 17 August 2018


An example of using preshared keys to a Juniper firewall.

This is very simple and in practice it just worked. The Juniper needs to be configured for IKEv2, and the FireBrick just needs the following IPsec entries:

  • local-ip - The FireBrick's public IP
  • peer-ips - the Juniper's public IP
  • routes - What IPs to route down the IPsec tunnel
  • auth-method - secret
  • secret - the preshared key
  • mode - Immediate

Example FireBrick config

  <ipsec-ike log="ipsec" log-error="ipsec" comment="toJuniper">
     <connection name="toJuniper" local-ip="FireBrick.IP.Address" peer-ips="JUNIPER.IP.ADDRESS" graph="JuniperIPsec" routes="IPs.TO.ROUTE" log="ipsec" log-error="ipsec" auth-method="Secret" secret="PASSPHRASE" mode="Immediate" blackhole="true"/>
  </ipsec-ike>

You'll then want to adjust firewall rules accordingly.
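
A pre-upload check for the fragment above, as an added example that is not part of the original page or of FireBrick's own tooling: it confirms the XML is well formed, that the six attributes listed are present, and that no template placeholder is left in an address field. It assumes the address fields hold whitespace-separated IPs or CIDR prefixes, and the 20-character minimum for the secret is an assumed local policy; the sample addresses and key are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Attributes the page lists for the FireBrick <connection> element.
REQUIRED = ("local-ip", "peer-ips", "routes", "auth-method", "secret", "mode")
MIN_SECRET_LEN = 20  # assumed local policy, not a FireBrick or Juniper limit


def _bad_addresses(value):
    """Return the tokens that are neither an IP address nor a CIDR prefix."""
    bad = []
    for token in value.split():
        try:
            ipaddress.ip_network(token, strict=False)
        except ValueError:
            bad.append(token)
    return bad


def lint_ipsec(xml_text):
    """Return a list of findings for an <ipsec-ike> fragment; empty means clean."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for conn in root.iter("connection"):
        name = conn.get("name", "?")
        missing = [a for a in REQUIRED if not conn.get(a)]
        findings += [f"{name}: missing {a}" for a in missing]
        for attr in ("local-ip", "peer-ips", "routes"):
            for token in _bad_addresses(conn.get(attr, "")):
                findings.append(f"{name}: {attr} has non-address value {token!r}")
        secret = conn.get("secret", "")
        if secret and len(secret) < MIN_SECRET_LEN:
            findings.append(f"{name}: secret shorter than {MIN_SECRET_LEN} characters")
    return findings


# Constructed samples: documentation addresses (RFC 5737) and a made-up key.
GOOD = """<ipsec-ike log="ipsec" log-error="ipsec" comment="toJuniper">
  <connection name="toJuniper" local-ip="192.0.2.1" peer-ips="198.51.100.7"
    routes="10.20.0.0/16" auth-method="Secret"
    secret="constructed-example-key-0123456789" mode="Immediate"/>
</ipsec-ike>"""
UNQUOTED = GOOD.replace('secret="', 'secret=')  # opening quote dropped
TEMPLATE = GOOD.replace("198.51.100.7", "JUNIPER.IP.ADDRESS")

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("unquoted", UNQUOTED), ("template", TEMPLATE)):
        print(label, lint_ipsec(text))
```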