SRX


SRX ipsec with Fritzbox

  • 1.  SRX ipsec with Fritzbox

    Posted 05-19-2020 02:33

    Good day,

     

    I am trying to establish a tunnel with a Juniper SRX 210 on one side and an AVM Fritzbox on the other side.

    I found http://ebsa.nl/Home/Site_to_Site_VPN_Juniper_SRX_to_Fritz%21Box and it looks like the tunnel is up but the SRX isn't receiving data (also with 3des-cbc).

    There is, however, a default option to connect to "a company firewall", which would be the preferred solution.

    This option requires "VPN user name (Key ID):" and a PSK,

    but I have no idea what the username should be.

    Any information would be appreciated.



  • 2.  RE: SRX ipsec with Fritzbox
    Best Answer

    Posted 05-19-2020 03:17

    Looks like the solution is simpler than expected.

    On the Fritzbox side, choose connect to another Fritzbox.

    On the SRX:

    edit security ike

    policy fb-test {
        mode aggressive;
        proposal-set compatible;
        pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
    }
    gateway fb-test {
        ike-policy fb-test;
        address ip-of-the-fritzbox;
        external-interface ge-0/0/0;
        version v1-only;
    }

    edit security ipsec

    proposal fritzbox {
        protocol esp;
        authentication-algorithm hmac-sha1-96;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 3600;
    }
    
    policy fb-test {
        perfect-forward-secrecy {
            keys group2;
        }
        proposals fritzbox;
    }
    
    vpn fb-test {
        bind-interface st0.1;
        ike {
            gateway fb-test;
            ipsec-policy fb-test;
        }
        establish-tunnels immediately;
    }
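
Added example, not part of the original thread and not Juniper tooling: a small Python check that walks the IKE/IPsec statements posted in the answer above and lists the legacy crypto choices (aggressive mode with a PSK, IKEv1 only, DH group2, HMAC-SHA1) a reviewer would want recorded as accepted trade-offs for this tunnel. The `audit` function, the `RULES` list and its notes are hypothetical names and assumptions of this example.

```python
import re

# Constructed sample: the statements from the answer above, trimmed to the crypto settings.
SAMPLE = """edit security ike
policy fb-test {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
    version v1-only;
}
edit security ipsec
proposal fritzbox {
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
}
policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
}"""

RULES = [  # hypothetical rule set for this example: (statement pattern, note)
    (r"mode aggressive", "IKEv1 aggressive mode: peer identity is unencrypted and only PSK strength resists offline guessing"),
    (r"version v1-only", "IKEv1 only; prefer IKEv2 where the peer supports it"),
    (r"proposal-set (basic|compatible|standard)", "predefined set; confirm which algorithms it allows"),
    (r"keys group[125]", "DH group below 2048 bits"),
    (r"authentication-algorithm hmac-(md5|sha1)-96", "legacy integrity algorithm"),
    (r"encryption-algorithm (des|3des)-cbc", "legacy cipher"),
]

def audit(config):
    """Return (hierarchy path, statement, note) for every flagged statement."""
    base, stack, findings = "", [], []
    for raw in config.splitlines():
        line = raw.split("##")[0].strip()  # drop annotations such as ## SECRET-DATA
        if line.startswith("edit "):       # hierarchy the block was typed under
            base, stack = line[5:], []
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line.endswith(";"):
            path = " > ".join(filter(None, [base] + stack))
            findings += [(path, line[:-1], note) for pat, note in RULES
                         if re.fullmatch(pat, line[:-1])]
    return findings
```

Running `audit(SAMPLE)` flags five statements and leaves `aes-256-cbc` and the pre-shared-key line alone; the 3des-cbc variant mentioned in the question would be flagged by the last rule.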