IPsec Juniper: Difference between revisions

Revision as of 15:30, 10 September 2015

An example of using preshared keys to a Juniper firewall.

This is very simple and in practice it just worked. The Juniper needs to be configured for IKEv2, and the FireBrick just needs the following IPSec entries:

local-ip - The FireBrick's public IP
peer-ips - the Juniper's public IP
routes - What IPs to route down the IPsec tunnel
auth-method - secret
secret - the preshared key
mode - Immediate"

Example FireBrick config:

  <ipsec-ike log="ipsec" log-error="ipsec" comment="toJuniper">
     <connection name="toJuniper" local-ip="FireBrick.IP.Address" peer-ips="JUNIPER.IP.ADDRESS" graph="JuniperIPsec" routes="IPs.TO.ROUTE" log="ipsec" log-error="ipsec" auth-method="Secret" secret=PASSPHRASE" mode="Immediate" blackhole="true"/>
  </ipsec-ike>

You'll then want to adjust firewall rules accordingly.

Revision as of 15:29, 10 September 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Revision as of 15:30, 10 September 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary Newer edit →
Line 18:		Line 18:

	You'll then want to adjust firewall rules accordingly.		You'll then want to adjust firewall rules accordingly.


			[[Category:FireBrick_IPsec\|Juniper]]