Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

IPsec Juniper

Back up to the FireBrick IPsec Tunnels Category Page
From AAISP Support Site
Revision as of 23:59, 17 August 2018 by Reedy (talk | contribs) (clean up)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


An example of using preshared keys to a Juniper firewall.

This is very simple and in practice it just worked. The Juniper needs to be configured for IKEv2, and the FireBrick just needs the following IPSec entries:

  • local-ip - The FireBrick's public IP
  • peer-ips - the Juniper's public IP
  • routes - What IPs to route down the IPsec tunnel
  • auth-method - secret
  • secret - the preshared key
  • mode - Immediate"

Example FireBrick config

  <ipsec-ike log="ipsec" log-error="ipsec" comment="toJuniper">
     <connection name="toJuniper" local-ip="FireBrick.IP.Address" peer-ips="JUNIPER.IP.ADDRESS" graph="JuniperIPsec" routes="IPs.TO.ROUTE" log="ipsec" log-error="ipsec" auth-method="Secret" secret=PASSPHRASE" mode="Immediate" blackhole="true"/>
  </ipsec-ike>

You'll then want to adjust firewall rules accordingly.

Retrieved from "http://support.aa.net.uk/index.php?title=IPsec_Juniper&oldid=13472"