Good morning/afternoon/evening all. I'm hoping someone on here might be able to help with some config while trying to connect a site-to-site VPN from an SRX220 to a Cisco ASA device.
Having run the below commands and committing, I can run show security ike security-associations and it has a state of UP. Running show security ipsec inactive-tunnels shows SA not initiated. I've been trying for hours with this thing, and granted I'm not a Juniper expert by any long shot, I'm hoping it's something really simple I'm missing.
set security ike proposal PartnerCompany_ike_proposal authentication-method pre-shared-keys
set security ike proposal PartnerCompany_ike_proposal dh-group group2
set security ike proposal PartnerCompany_ike_proposal authentication-algorithm sha1
set security ike proposal PartnerCompany_ike_proposal encryption-algorithm aes-256-cbc
set security ike proposal PartnerCompany_ike_proposal lifetime-seconds 86400
set security ike policy PartnerCompany_policy mode main
set security ike policy PartnerCompany_policy proposals PartnerCompany_ike_proposal
set security ike policy PartnerCompany_policy pre-shared-key ascii-text %secretkey%
set security ike gateway PartnerCompany_gateway ike-policy PartnerCompany_policy
set security ike gateway PartnerCompany_gateway address 1.1.1.1
set security ike gateway PartnerCompany_gateway external-interface ge-0/0/0.0
set security ipsec proposal PartnerCompany_ipsec_proposal protocol esp
set security ipsec proposal PartnerCompany_ipsec_proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal PartnerCompany_ipsec_proposal encryption-algorithm aes-256-cbc
set security ipsec proposal PartnerCompany_ipsec_proposal lifetime-seconds 28800
set security ipsec policy PartnerCompany_ipsec_policy proposals PartnerCompany_ipsec_proposal
set security ipsec vpn PartnerCompany_vpn ike gateway PartnerCompany_gateway
set security ipsec vpn PartnerCompany_vpn ike ipsec-policy PartnerCompany_ipsec_policy
set security ipsec vpn PartnerCompany_vpn establish-tunnels immediately
set security ipsec vpn PartnerCompany_vpn bind-interface st0.76
set interfaces st0 unit 76 family inet
set interfaces st0 unit 76 family inet6
set interfaces st0 unit 76 description PartnerCompany
set routing-options static route 172.20.128.26/32 next-hop st0.76
set security zones security-zone trust address-book address PartnerCompanyServer 172.20.128.26/32
set security zones security-zone Internal address-book address PartnerCompanyInternal1 10.10.0.13/32
set security zones security-zone Internal address-book address PartnerCompanyInternal2 10.10.0.10/32
set security zones security-zone Internal address-book address PartnerCompanyInternal3 10.10.0.26/32
set security zones security-zone Internal address-book address-set PartnerCompanyInternalServers address PartnerCompanyInternal1
set security zones security-zone Internal address-book address-set PartnerCompanyInternalServers address PartnerCompanyInternal2
set security zones security-zone Internal address-book address-set PartnerCompanyInternalServers address PartnerCompanyInternal3
set security zones security-zone trust interfaces st0.76
set security policies from-zone trust to-zone Internal policy PartnerCompany-Policy match source-address PartnerCompanyServer
set security policies from-zone trust to-zone Internal policy PartnerCompany-Policy match destination-address PartnerCompanyInternalServers
set security policies from-zone trust to-zone Internal policy PartnerCompany-Policy match application any
set security policies from-zone trust to-zone Internal policy PartnerCompany-Policy then permit
set security policies from-zone Internal to-zone trust policy PartnerCompany-Policy match destination-address PartnerCompanyServer
set security policies from-zone Internal to-zone trust policy PartnerCompany-Policy match source-address PartnerCompanyInternalServers
set security policies from-zone Internal to-zone trust policy PartnerCompany-Policy match application any
set security policies from-zone Internal to-zone trust policy PartnerCompany-Policy then permit
Thank you to anyone reading this, and any suggestions welcome.
------------------------------
JOHNATHON THOMPSON
------------------------------