SRX

Back to discussions
Expand all | Collapse all

SRX ipsec with Fritzbox

Jump to Best Answer

  • 1.  SRX ipsec with Fritzbox

    Posted 05-19-2020 02:33

    Good day,

     

    i try to esteblish a tunnel with a Juniper SRX 210 on one side and a AVM Fritzbox on the other side.

    I found http://ebsa.nl/Home/Site_to_Site_VPN_Juniper_SRX_to_Fritz%21Box and it looks like the tunnel is up but the srx isn't receiving data.  (also with 3des-cbc)

     

    There is however a default option to connect to "a company firewall" wich would be the prefered solution

    this option requiers "VPN user name (Key ID):" and a PSK.

    but i have no idea what the username should be.

     

    Any information would be appriciated.



  • 2.  RE: SRX ipsec with Fritzbox
    Best Answer

    Posted 05-19-2020 03:17

    Looks like the solution is simpeler than expected

    On the fritzbox side choose connect to another fritzbox.

     

    On the srx

    edit security ike

    policy fb-test {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
    ike-policy fb-test;
    address ip-of-the-fritzbox;
    external-interface ge-0/0/0;
    version v1-only;
}

    edit security ipsec

    proposal fritzbox {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
    lifetime-seconds 3600;
}

policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals fritzbox;
}

vpn fb-test {
    bind-interface st0.1;
    ike {
        gateway fb-test;
        ipsec-policy fb-test;
    }
    establish-tunnels immediately;
}