Hello Juniper Gurus,
Currently, I am trying to connect SRX 320 (Spoke) to SRX 345 ( Hub), The spoke is already configured but in the Hub when I committed, it showed this message. error: 'interface' is not a valid interface-range or alias name
On the other hand, if I can get any VPN configuration template for SRX from you, I will be thankful.
I found this link but it is not clear.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB32015&cat=EX_SERIES&actp=LIST&showDraft=false
I am sending the configuration of the Hub
set system authentication-order password
set system root-authentication encrypted-password "xxxxxx"
set system services web-management http interface fxp0.0
set system syslog file messages any any
set system processes dhcp-service traceoptions file dhcp.log
set system processes dhcp-service traceoptions flag all
set system ntp server x.x.x.x
set services flow-monitoring version9 template ipv4-test ipv4-template
set security ike traceoptions file ike.log
set security ike traceoptions flag all
deactivate security ike traceoptions
set security ike proposal ike-prop authentication-method pre-shared-keys
set security ike proposal ike-prop dh-group group2
set security ike proposal ike-prop authentication-algorithm sha1
set security ike proposal ike-prop encryption-algorithm aes-256-cbc
set security ike proposal ike-prop lifetime-seconds 3600
set security ike policy ike-pol mode aggressive
set security ike policy ike-pol proposals ike-prop
set security ike policy ike-pol pre-shared-key ascii-text "XXXXXXX"
set security ike gateway ike-gw ike-policy ike-pol
set security ike gateway ike-gw address x.x.x.x
set security ike gateway ike-gw local-identity hostname srx345-spoke-2
set security ike gateway ike-gw external-interface ge-0/0/0.0
set security ipsec proposal juniper_profile_1 protocol esp
set security ipsec proposal juniper_profile_1 authentication-algorithm hmac-sha-256-128
set security ipsec proposal juniper_profile_1 encryption-algorithm aes-256-cbc
set security ipsec proposal juniper_profile_1 lifetime-seconds 3600
set security ipsec policy juniper_profile_1 perfect-forward-secrecy keys group2
set security ipsec policy juniper_profile_1 proposals juniper_profile_1
set security ipsec vpn ipsec-vpn-s2 bind-interface st0.0
set security ipsec vpn ipsec-vpn-s2 ike gateway ike-gw
set security ipsec vpn ipsec-vpn-s2 ike ipsec-policy juniper_profile_1
set security ipsec vpn ipsec-vpn-s2 establish-tunnels immediately
set security flow tcp-mss ipsec-vpn mss 1350
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0/0
set security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface
set security policies from-zone trust to-zone untrust policy default-permit match source-address any
set security policies from-zone trust to-zone untrust policy default-permit match destination-address any
set security policies from-zone trust to-zone untrust policy default-permit match application any
set security policies from-zone trust to-zone untrust policy default-permit then permit
set security policies from-zone trust to-zone vpn policy default-permit match source-address any
set security policies from-zone trust to-zone vpn policy default-permit match destination-address any
set security policies from-zone trust to-zone vpn policy default-permit match application any
set security policies from-zone trust to-zone vpn policy default-permit then permit
set security policies from-zone vpn to-zone trust policy default-permit match source-address any
set security policies from-zone vpn to-zone trust policy default-permit match destination-address any
set security policies from-zone vpn to-zone trust policy default-permit match application any
set security policies from-zone vpn to-zone trust policy default-permit then permit
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zones security-zone untrust host-inbound-traffic system-services dhcp
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic system-services snmp
set security zones security-zone untrust host-inbound-traffic system-services snmp-trap
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust interfaces lo0.0
set security zones security-zone trust interfaces irb.10
set security zones security-zone vpn host-inbound-traffic system-services all
set security zones security-zone vpn host-inbound-traffic protocols all
set security zones security-zone vpn interfaces st0.0
set security zones security-zone test host-inbound-traffic system-services all
set security zones security-zone test host-inbound-traffic protocols all
set security zones security-zone test interfaces ge-0/0/7.0
set interfaces ge-0/0/0 description "outside connection"
set interfaces ge-0/0/0 speed 100m
deactivate interfaces ge-0/0/0 speed
set interfaces ge-0/0/0 ether-options no-auto-negotiation
set interfaces ge-0/0/0 ether-options link-mode full-duplex
deactivate interfaces ge-0/0/0 ether-options
set interfaces ge-0/0/0 unit 0 family inet dhcp-client vendor-id Juniper-srx345
set interfaces ge-0/0/1 unit 0 description "to host-3"
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/2 unit 0 description "to host-3"
set interfaces ge-0/0/2 unit 0 family inet dhcp-client
set interfaces ge-0/0/3 unit 0 description "to host-3"
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/4 unit 0 description "to host-3"
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/5 unit 0 description "to host-3"
set interfaces ge-0/0/5 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/6 unit 0 description "to host-3"
set interfaces ge-0/0/6 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/7 disable
set interfaces ge-0/0/7 unit 0 description "to host-3"
set interfaces ge-0/0/7 unit 0 family inet dhcp-client
set interfaces ge-0/0/7 unit 0 family ethernet-switching vlan members VLAN10
deactivate interfaces ge-0/0/7 unit 0 family ethernet-switching
set interfaces ge-0/0/8 unit 0 description "to host-3"
set interfaces ge-0/0/8 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/9 unit 0 description "to host-3"
set interfaces ge-0/0/9 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/10 unit 0 description "to host-3"
set interfaces ge-0/0/10 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/11 unit 0 description "to host-3"
set interfaces ge-0/0/11 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/12 unit 0 description "to host-3"
set interfaces ge-0/0/12 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/13 unit 0 description "to host-3"
set interfaces ge-0/0/13 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/14 unit 0 description "to host-3"
set interfaces ge-0/0/14 unit 0 family ethernet-switching vlan members VLAN10
set interfaces ge-0/0/15 unit 0 description "to host-3"
set interfaces ge-0/0/15 unit 0 family ethernet-switching vlan members VLAN10
set interfaces fxp0 unit 0 family inet address x.x.x.x/25
set interfaces irb unit 10 family inet address x.x.x.x/27
set interfaces lo0 unit 0 family inet address x.x.x.x/32
set interfaces st0 unit 0 family inet mtu 1400
set interfaces st0 unit 0 family inet address x.x.x.x/24
set routing-options static route x.x.0.0/16 next-hop x.x.x.x
set routing-options static route x.x.0.0/16 next-hop x.x.x.x
set routing-options static route x.x.x.x/24 next-hop 10.1.10.1
set routing-options static route x.x.x.x/32 next-hop 10.1.10.1
set routing-options router-id x.x.x.x
set protocols ospf area 0.0.0.3 interface st0.0 interface-type p2p
set protocols ospf area 0.0.0.3 interface st0.0 hello-interval 20
set protocols ospf area 0.0.0.3 interface st0.0 dead-interval 300
set protocols ospf area 0.0.0.3 interface st0.0 neighbor x.x.x.x
set protocols ospf area 0.0.0.3 interface lo0.0 passive
set protocols ospf area 0.0.0.3 interface irb.10 passive
set routing-instances test instance-type virtual-router
set routing-instances test interface ge-0/0/7.0
set vlans VLAN10 vlan-id 10
set vlans VLAN10 l3-interface irb.10
=========================================
Lab@SRX345-HUB# commit
error: 'interface' is not a valid interface-range or alias name