Channel: SRX Services Gateway topics

LAB SRX 540 To MX-140 IPSEC Tunnel


1.1.1.1----MX----xe-2/0/0--------------------XE-2/0/0----SRX----2.2.2.2
                 10.0.1.1/30                 10.0.1.2/30

 

 

set services service-set ipsec_ss_ms_0_2_0 next-hop-service inside-service-interface ms-0/2/0.1
set services service-set ipsec_ss_ms_0_2_0 next-hop-service outside-service-interface ms-0/2/0.2
set services service-set ipsec_ss_ms_0_2_0 ipsec-vpn-options local-gateway 10.0.1.1
set services service-set ipsec_ss_ms_0_2_0 ipsec-vpn-rules vpn_rule_ms_0_2_0_01
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 from source-address 1.1.1.1/32
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 from destination-address 2.2.2.2/32
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 then remote-gateway 10.0.1.2
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 then dynamic ike-policy ike_policy_ms_0_2_0
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 then dynamic ipsec-policy ipsec_policy_ms_0_2_0
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 then anti-replay-window-size 4096
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 match-direction input
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 protocol esp
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ipsec policy ipsec_policy_ms_0_2_0 perfect-forward-secrecy keys group2
set services ipsec-vpn ipsec policy ipsec_policy_ms_0_2_0 proposals ipsec_proposal_ms_0_2_0
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 authentication-method pre-shared-keys
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 dh-group group19
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 authentication-algorithm sha1
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ike policy ike_policy_ms_0_2_0 proposals ike_proposal_ms_0_2_0
set services ipsec-vpn ike policy ike_policy_ms_0_2_0 pre-shared-key ascii-text "$9$f5nCOBEyeWRh"

 

set interfaces ms-0/2/0 unit 0 family inet
set interfaces ms-0/2/0 unit 1 family inet
set interfaces ms-0/2/0 unit 1 family inet6
set interfaces ms-0/2/0 unit 1 service-domain inside
set interfaces ms-0/2/0 unit 2 family inet
set interfaces ms-0/2/0 unit 2 family inet6
set interfaces ms-0/2/0 unit 2 service-domain outside
set interfaces xe-2/0/0 description IPSEC
set interfaces xe-2/0/0 unit 0 family inet address 10.0.1.1/30

 

set interfaces lo0 unit 2 family inet address 1.1.1.1/32
set routing-options static route 2.2.2.2/32 next-hop ms-0/2/0.1

 

SRX:

 

set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
set security ike proposal ike-phase1-proposal dh-group group19
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc
set security ike policy ike-phase1-policy mode main
set security ike policy ike-phase1-policy proposals ike-phase1-proposal
set security ike policy ike-phase1-policy pre-shared-key ascii-text "$9$FJHK3A0Ehrv87yl"
set security ike gateway ike-gw ike-policy ike-phase1-policy
set security ike gateway ike-gw address 10.0.1.1
set security ike gateway ike-gw local-identity inet 10.0.1.2
set security ike gateway ike-gw remote-identity inet 10.0.1.1
set security ike gateway ike-gw external-interface xe-2/2/0
set security ipsec traceoptions flag all
set security ipsec proposal ipsec-phase2-proposal protocol esp
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc
set security ipsec policy vpn-policy1 perfect-forward-secrecy keys group2
set security ipsec policy vpn-policy1 proposals ipsec-phase2-proposal
set security ipsec vpn ike-vpn bind-interface st0.0
set security ipsec vpn ike-vpn vpn-monitor
set security ipsec vpn ike-vpn ike gateway ike-gw
set security ipsec vpn ike-vpn ike ipsec-policy vpn-policy1
set security ipsec vpn ike-vpn establish-tunnels immediately
set security policies from-zone trust to-zone trust policy All match source-address any
set security policies from-zone trust to-zone trust policy All match destination-address any
set security policies from-zone trust to-zone trust policy All match application any
set security policies from-zone trust to-zone trust policy All then permit
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces xe-2/2/0.0
set security zones security-zone trust interfaces lo0.2
set security zones security-zone trust interfaces st0.0
set interfaces xe-2/2/0 unit 0 family inet address 10.0.1.2/30
set interfaces lo0 unit 2 family inet address 2.2.2.2/32
set interfaces st0 unit 0
set routing-options static route 1.1.1.1/32 next-hop st0.0

 

The tunnel is not up. What config am I missing?

 

Thank you for the help 

Nils. 
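
A cross-check of the two configurations posted above, as an added example (not part of the original post and not Juniper tooling): it normalises the MX `services ipsec-vpn` and SRX `security` statements and reports any disagreement in the IKE/IPsec proposals, the PFS group or the peer addresses. The function names are hypothetical, and `external-interface xe-2/2/0` is assumed to mean unit 0.

```python
import re

# Lines copied from the post, trimmed to negotiated parameters and peer addresses.
MX = """\
set services service-set ipsec_ss_ms_0_2_0 ipsec-vpn-options local-gateway 10.0.1.1
set services ipsec-vpn rule vpn_rule_ms_0_2_0_01 term term1 then remote-gateway 10.0.1.2
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 protocol esp
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal ipsec_proposal_ms_0_2_0 encryption-algorithm aes-128-cbc
set services ipsec-vpn ipsec policy ipsec_policy_ms_0_2_0 perfect-forward-secrecy keys group2
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 dh-group group19
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 authentication-algorithm sha1
set services ipsec-vpn ike proposal ike_proposal_ms_0_2_0 encryption-algorithm aes-128-cbc
"""
SRX = """\
set security ike proposal ike-phase1-proposal dh-group group19
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc
set security ike gateway ike-gw address 10.0.1.1
set security ike gateway ike-gw external-interface xe-2/2/0
set security ipsec proposal ipsec-phase2-proposal protocol esp
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc
set security ipsec policy vpn-policy1 perfect-forward-secrecy keys group2
set interfaces xe-2/2/0 unit 0 family inet address 10.0.1.2/30
"""

def params(cfg):
    """Proposal values keyed independently of the MX/SRX hierarchy names."""
    out = {f"{m[1]}.{m[2]}": m[3] for m in
           re.finditer(r"\b(ike|ipsec) proposal \S+ (\S+) (\S+)", cfg)}
    pfs = re.search(r"perfect-forward-secrecy keys (\S+)", cfg)
    out["ipsec.pfs"] = pfs[1] if pfs else None
    return out

def mismatches(mx, srx):
    """{key: (mx_value, srx_value)} for every parameter that differs."""
    a, b = params(mx), params(srx)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

def peers_consistent(mx, srx):
    """True when each side's configured peer is the other side's address."""
    mx_local = re.search(r"local-gateway (\S+)", mx)[1]
    mx_remote = re.search(r"remote-gateway (\S+)", mx)[1]
    srx_peer = re.search(r"ike gateway \S+ address (\S+)", srx)[1]
    ext = re.search(r"external-interface (\S+)", srx)[1]
    # Assumption: an external-interface given without a unit means unit 0.
    srx_local = re.search(rf"interfaces {re.escape(ext)} unit 0 family inet address ([\d.]+)", srx)[1]
    return mx_local == srx_peer and mx_remote == srx_local
```

On the posted values both checks pass, so the proposals, PFS group and peer addresses agree between the two sides. The comparison does not cover the pre-shared keys, which appear only in obfuscated `$9$` form, or the SRX interface name, which is XE-2/0/0 in the diagram and xe-2/2/0 in the configuration.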

 

