Configuring Interfaces SRX-B set interfaces ge-0/0/0 unit 0 family inet address 10.2.2.254/24 set interfaces ge-0/0/3 unit 0 family inet address 192.168.1.1 set interfaces st0 unit 1 family inet address 10.11.11.11/24 set routing-options static route 0.0.0.0/0 next-hop pp0.0 set routing-options static route 10.1.1.0/24 next-hop st0.1 set security zones security-zone untrust interfaces ge-0/0/1.0 set security zones security-zone untrust host-inbound-traffic system-services ike set security zones security-zone trust interfaces ge-0/0/0.0 set security zones security-zone trust host-inbound-traffic system-services all CONFIGURING IKE Phase 1(SRX-B) set security ike proposal IKE-PROP lifetime-seconds 3600 set security ike proposal IKE-PROP authentication-method pre-shared-keys set security ike proposal IKE-PROP authentication-algorithm sha-256 set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc set security ike proposal IKE-PROP dh-group group2 set security ike policy IKE-POL mode main set security ike policy IKE-POL proposals IKE-PROP set security ike policy IKE-POL pre-shared-key ascii-text letssayadifficultpassword set security ike gateway IKE-GW external-interface ge-0/0/1.0 set security ike gateway IKE-GW ike-policy IKE-POL set security ike gateway IKE-GW address 77.58.14.56 set security zones security-zone Untrust host-inbound-traffic system-services ike Configuring IKE Phase 2(Both Devices) //allagi kai auta set security ipsec proposal IPSEC-PROP lifetime-seconds 3600 set security ipsec proposal IPSEC-PROP protocol esp set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128 set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc set security ipsec policy IPSEC-POL proposals IPSEC-PROP set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group2 set security ipsec vpn IPSEC-VPN ike gateway IKE-GW set security ipsec vpn IPSEC-VPN ike ipsec-policy IPSEC-POL set security ipsec vpn IPSEC-VPN vpn-monitor set security ipsec vpn IPSEC-VPN establish-tunnels immediately set security ipsec vpn IPSEC-VPN bind-interface st0.1 Configure Tunnel Interface and Routing Both Devices: set interfaces st0 unit 1 family inet set security zones security-zone VPN interfaces st0.1 SRX-B set routing-options static route 10.1.1.0/24 next-hop st0.1 Configuring Security Policy Address book (both devices): set security address-book global address Network-A 10.1.1.0/24 set security address-book global address Network-B 10.2.2.0/24 Security Policies(SRX-B) set security policies from-zone trust to-zone VPN policy Trust-to-VPN match source-address Network-B destination-address Network-A application any set security policies from-zone trust to-zone VPN policy Trust-to-VPN then permit set security policies from-zone VPN to-zone trust policy VPN-to-Trust match source-address Network-A destination-address Network-B application any set security policies from-zone VPN to-zone trust policy VPN-to-Trust then permit Verifying the VPN show security ike security-associations show security ipsec security-associations show security ipsec statistics show route