IPsec Juniper
Latest revision as of 23:59, 17 August 2018
An example of using preshared keys to a Juniper firewall.
This is very simple and in practice it just worked. The Juniper needs to be configured for IKEv2, and the FireBrick just needs the following IPsec entries:
- local-ip - The FireBrick's public IP
- peer-ips - the Juniper's public IP
- routes - What IPs to route down the IPsec tunnel
- auth-method - secret
- secret - the preshared key
- mode - Immediate
Example FireBrick config
<ipsec-ike log="ipsec" log-error="ipsec" comment="toJuniper">
  <!-- Replace the placeholder values with your own addresses, routes and preshared key -->
  <connection name="toJuniper"
              local-ip="FireBrick.IP.Address"
              peer-ips="JUNIPER.IP.ADDRESS"
              graph="JuniperIPsec"
              routes="IPs.TO.ROUTE"
              log="ipsec"
              log-error="ipsec"
              auth-method="Secret"
              secret="PASSPHRASE"
              mode="Immediate"
              blackhole="true"/>
</ipsec-ike>
You'll then want to adjust firewall rules accordingly.
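A pre-deployment check for the entries listed above, as an added example that is not part of the original page or of FireBrick's own tooling: it parses an `<ipsec-ike>` fragment and reports missing entries, template placeholders left in place, and a short preshared key. The function name, the sample configs and the 20-character minimum are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Entries the page lists as needed on the FireBrick side.
REQUIRED = ("local-ip", "peer-ips", "routes", "auth-method", "secret", "mode")
# Placeholder values used in the page's template config.
PLACEHOLDERS = {"FireBrick.IP.Address", "JUNIPER.IP.ADDRESS", "IPs.TO.ROUTE", "PASSPHRASE"}
MIN_SECRET_LEN = 20  # assumption: a local policy value, not a FireBrick limit


def _local(tag):
    """Strip any XML namespace so fragments and full configs both match."""
    return tag.rsplit("}", 1)[-1]


def check_ipsec_config(xml_text):
    """Return a list of findings for every <connection> inside <ipsec-ike>."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an attribute value missing a quote
        return [f"XML parse error: {exc}"]
    findings = []
    for ike in (e for e in root.iter() if _local(e.tag) == "ipsec-ike"):
        for conn in (c for c in ike if _local(c.tag) == "connection"):
            name = conn.get("name", "<unnamed>")
            for attr in REQUIRED:
                value = conn.get(attr)
                if value is None:
                    findings.append(f"{name}: missing {attr}")
                elif value in PLACEHOLDERS:
                    findings.append(f"{name}: {attr} still holds placeholder {value}")
            secret = conn.get("secret")
            if (secret is not None and secret not in PLACEHOLDERS
                    and conn.get("auth-method", "").lower() == "secret"
                    and len(secret) < MIN_SECRET_LEN):
                findings.append(f"{name}: secret shorter than {MIN_SECRET_LEN} characters")
    return findings


# Constructed sample inputs (documentation address ranges, made-up key).
TEMPLATE = ('<ipsec-ike><connection name="toJuniper" local-ip="FireBrick.IP.Address" '
            'peer-ips="JUNIPER.IP.ADDRESS" routes="IPs.TO.ROUTE" auth-method="Secret" '
            'secret="PASSPHRASE" mode="Immediate"/></ipsec-ike>')
FILLED = ('<ipsec-ike><connection name="toJuniper" local-ip="192.0.2.1" '
          'peer-ips="198.51.100.1" routes="10.0.0.0/24" auth-method="Secret" '
          'secret="short-key" blackhole="true"/></ipsec-ike>')

if __name__ == "__main__":
    for label, text in (("template", TEMPLATE), ("filled", FILLED)):
        print(label, check_ipsec_config(text))
```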