Great, thanks Guru!
See the configs below:
Cisco Config
! Site-to-site IKEv2 tunnel, ASA side. Peer (Juniper) public address is aliased as "juniper-ip".
name 111.111.111.111 juniper-ip
!
! NOTE(review): this object-group reuses the alias name "juniper-ip" but holds the protected
! network, not the peer address. The mask 255.255.255.254 is a /31 (.184-.185), while the
! Juniper proxy-identity below lists "local 111.111.111.184" with no prefix length.
! The traffic selectors proposed by each side should be identical - confirm.
object-group network juniper-ip
network-object 111.111.111.184 255.255.255.254
!
! Crypto ACL: defines the interesting traffic (local customer range -> remote network).
! The source object-group customer-ip-222.222.222.0_24 is not defined in this excerpt.
access-list ACL-juniper-ip extended permit ip object-group customer-ip-222.222.222.0_24 object-group juniper-ip
!
! IKE SA parameters. They line up with the Juniper "ike-proposal"
! (aes-256-cbc / sha-256 / group5 / 28800 s).
! NOTE(review): DH group 5 is 1536-bit MODP; current guidance prefers group 14 (2048-bit)
! or an ECP group such as 19/20. Any change has to be made on both peers together.
crypto ikev2 policy 10
encryption aes-256
integrity sha256
group 5
prf sha256
lifetime 28800
!
! Restricts tunnels that use this group-policy to IKEv2 only.
group-policy POLICY-GROUP-IKEV2 internal
group-policy POLICY-GROUP-IKEV2 attributes
vpn-tunnel-protocol ikev2
!
! Child SA (ESP) proposal. Matches the Juniper "ipsec-proposal-1" (aes-256-cbc / hmac-sha1-96).
! NOTE(review): the IKE SA uses SHA-256 but ESP integrity is still SHA-1, which is legacy;
! sha-256 is the usual replacement and must be changed on both peers.
crypto ipsec ikev2 ipsec-proposal customer-ip-IKE2-ESP-AES256-SHA1
protocol esp encryption aes-256
protocol esp integrity sha-1
!
! Tunnel-group is keyed on the peer address, which is also the IKE ID the Juniper
! presents (local-identity inet 111.111.111.111).
tunnel-group 111.111.111.111 type ipsec-l2l
tunnel-group 111.111.111.111 general-attributes
default-group-policy POLICY-GROUP-IKEV2
tunnel-group 111.111.111.111 ipsec-attributes
! Keys are masked here; keep them masked in anything posted publicly.
! The ASA allows different local and remote keys, but the Juniper IKE policy below
! carries a single pre-shared-key, so both values presumably need to be the same string.
ikev2 local-authentication pre-shared-key ***********
ikev2 remote-authentication pre-shared-key ***********
!
! Crypto map entry 995 ties the peer, ESP proposal, crypto ACL, SA lifetime and PFS together.
! Lifetime 3600 s and PFS group5 match the Juniper ipsec-proposal-1 / ipsec-policy-1.
! PFS group5 carries the same 1536-bit caveat as the IKE policy above.
! NOTE(review): the "crypto map customer-ip-MAP interface outside" binding is not shown
! in this excerpt - confirm it exists.
crypto map customer-ip-MAP 995 set peer juniper-ip
crypto map customer-ip-MAP 995 set ikev2 ipsec-proposal customer-ip-IKE2-ESP-AES256-SHA1
crypto map customer-ip-MAP 995 match address ACL-juniper-ip
crypto map customer-ip-MAP 995 set security-association lifetime seconds 3600
crypto map customer-ip-MAP 995 set pfs group5
!
! Turns on IKEv2 negotiation on the outside interface.
crypto ikev2 enable outside
Juniper Config
/* Site-to-site IKEv2 tunnel, Juniper side. The paste is missing several closing braces
   (and their parent "security ike" / "security ipsec" stanzas), so it appears to be an
   excerpt rather than a loadable configuration. */
/* IKE SA proposal: matches the ASA "crypto ikev2 policy 10" (aes-256 / sha256 / group 5 / 28800 s).
   NOTE(review): group5 is 1536-bit MODP; group14 or an ECP group (group19/group20) is preferred.
   Change both peers together. */
proposal ike-proposal {
authentication-method pre-shared-keys;
dh-group group5;
authentication-algorithm sha-256;
encryption-algorithm aes-256-cbc;
lifetime-seconds 28800;
/* Child SA (ESP) proposal: matches the ASA ipsec-proposal (aes-256 / sha-1) and the
   crypto map lifetime of 3600 s.
   NOTE(review): hmac-sha1-96 is legacy; hmac-sha-256-128 is the usual replacement,
   changed on both peers. */
proposal ipsec-proposal-1 {
protocol esp;
authentication-algorithm hmac-sha1-96;
encryption-algorithm aes-256-cbc;
lifetime-seconds 3600
/* PFS group5 matches "set pfs group5" on the ASA; same 1536-bit caveat as the IKE proposal. */
policy ipsec-policy-1 {
perfect-forward-secrecy {
keys group5;
}
proposals ipsec-proposal-1;
}
/* IKE policy. "mode main" is an IKEv1 phase-1 setting; the gateway below is v2-only,
   so it presumably has no effect here - confirm.
   The key is masked; it carries a single value, so it has to match both the local and
   remote pre-shared-key configured on the ASA tunnel-group. */
policy ike-pol-vpn-customer-u1 {
mode main;
proposals ike-proposal;
pre-shared-key ascii-text ##
/* Gateway: peer is 222.222.222.222; this device presents IKE ID 111.111.111.111, which
   is what the ASA tunnel-group is named after.
   NOTE(review): general-ikeid relaxes validation of the peer's IKE ID, leaving the
   pre-shared key as the only thing authenticating the peer. Consider an explicit
   remote-identity instead once the tunnel is up - confirm against your Junos release. */
gateway gw-vpn-customer-u1 {
ike-policy ike-pol-vpn-customer-u1;
address 222.222.222.222;
local-identity inet 111.111.111.111;
external-interface ge-1/0/0.0;
general-ikeid;
version v2-only;
/* Route-based VPN bound to st0.9. proxy-identity sets the traffic selectors sent to the ASA.
   NOTE(review): "local 111.111.111.184" has no prefix length (presumably treated as a
   host address), whereas the ASA object-group uses 111.111.111.184 255.255.255.254 (/31).
   The selectors on both peers should be identical - confirm. */
vpn vpn-customer-u1 {
bind-interface st0.9;
ike {
gateway gw-vpn-customer-u1;
proxy-identity {
local 111.111.111.184;
remote 222.222.222.0/24;
}
ipsec-policy ipsec-policy-1;
}
/* Bring the tunnel up as soon as the configuration is committed rather than on first traffic. */
establish-tunnels immediately;
}