SRX




  • 1.  SRX ipsec with Fritzbox

    Posted 05-19-2020 02:33

    Good day,

     

    I am trying to establish a tunnel with a Juniper SRX 210 on one side and an AVM Fritzbox on the other side.

    I found http://ebsa.nl/Home/Site_to_Site_VPN_Juniper_SRX_to_Fritz%21Box and it looks like the tunnel is up but the srx isn't receiving data.  (also with 3des-cbc)

     

    There is, however, a default option to connect to "a company firewall", which would be the preferred solution.

    This option requires "VPN user name (Key ID):" and a PSK,

    but I have no idea what the username should be.

     

    Any information would be appreciated.



  • 2.  RE: SRX ipsec with Fritzbox
    Best Answer

    Posted 05-19-2020 03:17

    Looks like the solution is simpler than expected.

    On the Fritzbox side, choose connect to another Fritzbox.

     

    On the SRX:

    edit security ike

    policy fb-test {
        mode aggressive;
        proposal-set compatible;
        pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
    }
    gateway fb-test {
        ike-policy fb-test;
        address ip-of-the-fritzbox;
        external-interface ge-0/0/0;
        version v1-only;
    }

    edit security ipsec

    proposal fritzbox {
        protocol esp;
        authentication-algorithm hmac-sha1-96;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 3600;
    }
    
    policy fb-test {
        perfect-forward-secrecy {
            keys group2;
        }
        proposals fritzbox;
    }
    
    vpn fb-test {
        bind-interface st0.1;
        ike {
            gateway fb-test;
            ipsec-policy fb-test;
        }
        establish-tunnels immediately;
    }
    

     



  • 3.  RE: SRX ipsec with Fritzbox

    Posted 02-17-2022 09:36
    I know this is an old thread but the thing that got this working for me last night was:

    On the FritzBox: after selecting "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and clicking Next, use IP addresses where it asks for "Web address of the remote site" and "Web address of this FRITZ!Box".

    On the Juniper: The IKE Gateway settings are as above, using the IP address of the FritzBox.  The only other setting I needed was "local-identity inet ip.of.the.juniper" because my Juniper is behind another device that does NAT.

    I tried using DNS names originally but couldn't get it to work.  Using IP addresses everywhere brought it up straight away.


    ------------------------------
    Jeff Slattery
    ------------------------------
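
An added example, not part of any post in this thread: a small Python audit that flattens the brace-style configuration from the accepted answer into set-style statements and marks the legacy IKE/IPsec parameters worth revisiting once the tunnel is up. The `security { ... }` wrapper, the rule list and the remarks are assumptions added here, not the poster's or Juniper's.

```python
import re

# Stanzas from the accepted answer, condensed. Assumption: they sit under security { ike/ipsec }.
CONFIG = '''
security { ike {
  policy fb-test { mode aggressive; proposal-set compatible;
    pre-shared-key ascii-text "the pre-shared-key"; } ## SECRET-DATA
  gateway fb-test { ike-policy fb-test; address ip-of-the-fritzbox;
    external-interface ge-0/0/0; version v1-only; } }
 ipsec {
  proposal fritzbox { protocol esp; authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc; lifetime-seconds 3600; }
  policy fb-test { perfect-forward-secrecy { keys group2; } proposals fritzbox; }
  vpn fb-test { bind-interface st0.1; establish-tunnels immediately;
    ike { gateway fb-test; ipsec-policy fb-test; } } } }
'''

# Review remarks added here (not from the thread): statement pattern -> remark.
RULES = [
    (r"ike policy \S+ mode aggressive$", "aggressive mode exposes a PSK-derived hash; use a long random PSK"),
    (r"ike policy \S+ proposal-set compatible$", "predefined proposal set; pin an explicit IKE proposal"),
    (r"ike gateway \S+ version v1-only$", "IKEv1 only"),
    (r"keys group2$", "PFS uses the 1024-bit MODP group"),
    (r"authentication-algorithm hmac-sha1-96$", "SHA-1 based integrity"),
    (r"encryption-algorithm (3des|des)-cbc$", "64-bit block cipher"),
]

def flatten(text):
    """Brace-style Junos config -> 'display set'-like statement paths."""
    path, words, out = [], [], []
    text = re.sub(r"##.*", "", text)  # drop annotations such as ## SECRET-DATA
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":          # words so far name a container, e.g. "policy fb-test"
            path.append(" ".join(words))
            words = []
        elif tok == "}":
            path.pop()
        elif tok == ";":        # end of a leaf statement
            out.append(" ".join(path + words))
            words = []
        else:
            words.append(tok)
    return out

def audit(text):
    """Return (statement, remark) for every statement that matches a rule."""
    return [(s, note) for s in flatten(text) for pat, note in RULES if re.search(pat, s)]

if __name__ == "__main__":
    print(*("%s  <- %s" % f for f in audit(CONFIG)), sep="\n")
```

Run against the condensed configuration, it reports five statements: aggressive mode, the `compatible` proposal set, `v1-only`, `hmac-sha1-96` and `group2`; `aes-256-cbc` is not flagged.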