With the latest Apple iOS improvements, and support for IKEv2, it's now possible to establish a VPN connection between Apple iPhone/iPad devices and Juniper SRX devices. Note: You must have Apple iOS 9.x installed and have access to an Apple Mac to prepare an Apple VPN profile. Read Milan...
8 Comments - If you are using plain IKEv2/IPsec I don't see the need for a license, but then it cannot be authenticated on username+password
Starting with version 15.1X49-D80.4 the Juniper SRX supports dialup vpn over a connection to port 443 with the NCP client. It needs some specific configuration to get that working and we found out the hard way. So, we have decided to share it here. Thank you Valentijn and Jasper for helping me...
4 Comments - Hi, Do we need any license to implement this?
set system login user lab uid 2000
set system login user lab class super-user
set system login user lab authentication encrypted-password "$1$s95t$az6TXbMwo4FChdBEp/06d1"
set system services ftp
set system services ssh
set system services telnet
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces fe-0/0/0 unit 0 family inet address 10.0.0.1/30
set interfaces fe-0/0/0 unit 0 family iso
set interfaces fe-0/0/0 unit 0 family inet6
set interfaces fe-0/0/1 unit 0 family inet address 10.0.0.2/30
set interfaces fe-0/0/1 unit 0 family iso
set interfaces fe-0/0/1 unit 0 family inet6
set interfaces fe-0/0/2 vlan-tagging
set interfaces fe-0/0/2 unit 0 vlan-id 0
set interfaces fe-0/0/2 unit 0 family inet address 192.168.0.1/30
set interfaces fe-0/0/2 unit 1 vlan-id 1
set interfaces fe-0/0/2 unit 1 family inet address 24.0.0.1/30
set interfaces fe-0/0/3 vlan-tagging
set interfaces fe-0/0/3 unit 0 vlan-id 0
set interfaces fe-0/0/3 unit 0 family inet address 192.168.0.2/30
set interfaces fe-0/0/3 unit 1 vlan-id 1
set interfaces fe-0/0/3 unit 1 family inet address 24.0.0.2/30
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family inet filter input ICMP
deactivate interfaces fe-0/0/7 unit 0 family inet filter
set interfaces fe-0/0/7 unit 0 family inet dhcp-client
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family iso address 49.0000.0010.0100.1001.00
set interfaces lo0 unit 1 family inet address 2.2.2.2/32
set interfaces lo0 unit 1 family iso address 49.0000.0020.0200.2002.00
set interfaces lo0 unit 2 family inet address 10.0.0.1/32
set interfaces lo0 unit 3 family inet address 10.0.0.2/32
set interfaces lo0 unit 4 family inet address 36.0.0.1/32
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols stp
set policy-options policy-statement EXPLOOP from protocol direct
set policy-options policy-statement EXPLOOP from route-filter 36.0.0.1/32 exact
set policy-options policy-statement EXPLOOP then accept
set policy-options policy-statement NHS term 1 from protocol direct
set policy-options policy-statement NHS term 1 then accept
set policy-options policy-statement NHS term 2 then next-hop self
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set firewall filter ICMP term ICMP from protocol icmp
set firewall filter ICMP term ICMP from icmp-type echo-request
set firewall filter ICMP term ICMP then count ICMP_entrant
set firewall filter ICMP term ICMP then discard
set firewall filter ICMP term ELSE then count Le_RESTE
set firewall filter ICMP term ELSE then accept
set routing-instances R1 instance-type virtual-router
set routing-instances R1 interface fe-0/0/0.0
set routing-instances R1 interface lo0.0
set routing-instances R1 protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set routing-instances R1 protocols ospf area 0.0.0.0 interface lo0.0 passive
set routing-instances R1 protocols isis interface fe-0/0/0.0 level 1 disable
set routing-instances R1 protocols isis interface lo0.0
set routing-instances R2 instance-type virtual-router
set routing-instances R2 interface fe-0/0/1.0
set routing-instances R2 interface lo0.1
set routing-instances R2 protocols ospf area 0.0.0.0 interface lo0.1 passive
set routing-instances R2 protocols ospf area 0.0.0.0 interface fe-0/0/1.0
set routing-instances R2 protocols isis interface fe-0/0/1.0 level 1 disable
set routing-instances R2 protocols isis interface lo0.1
set routing-instances RB1 instance-type virtual-router
set routing-instances RB1 interface fe-0/0/2.0
set routing-instances RB1 interface lo0.2
set routing-instances RB1 routing-options static route 10.0.0.2/32 next-hop 192.168.0.2
set routing-instances RB1 routing-options autonomous-system 65000
set routing-instances RB1 protocols bgp group INTERNE type internal
set routing-instances RB1 protocols bgp group INTERNE local-address 10.0.0.1
set routing-instances RB1 protocols bgp group INTERNE neighbor 10.0.0.2
set routing-instances RB2 instance-type virtual-router
set routing-instances RB2 interface fe-0/0/2.1
set routing-instances RB2 interface fe-0/0/3.0
set routing-instances RB2 interface lo0.3
set routing-instances RB2 routing-options static route 10.0.0.1/32 next-hop 192.168.0.1
set routing-instances RB2 routing-options autonomous-system 65000
set routing-instances RB2 protocols bgp group INTERNE type internal
set routing-instances RB2 protocols bgp group INTERNE local-address 10.0.0.2
set routing-instances RB2 protocols bgp group INTERNE export NHS
set routing-instances RB2 protocols bgp group INTERNE neighbor 10.0.0.1
set routing-instances RB2 protocols bgp group EXTERNE type external
set routing-instances RB2 protocols bgp group EXTERNE neighbor 24.0.0.2 peer-as 65001
set routing-instances RB3 instance-type virtual-router
set routing-instances RB3 interface fe-0/0/3.1
set routing-instances RB3 interface lo0.4
set routing-instances RB3 routing-options autonomous-system 65001
set routing-instances RB3 protocols bgp group EXTERNE type external
set routing-instances RB3 protocols bgp group EXTERNE export EXPLOOP
set routing-instances RB3 protocols bgp group EXTERNE neighbor 24.0.0.1 peer-as 65000
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0

Notes

If you have a look at routing instances RB1, RB2, and RB3 connected via ports fe-0/0/2 and fe-0/0/3, there are three more routers running IBGP and eBGP to check how the next-hop self option works.
1 Comment - no search term matches found in comments.
See matching posts in thread - The number of logical systems allowed withou ...
See matching posts in thread - AppSecure is the only function you can buy as a ...
See matching posts in thread - ## SECRET-DATA ) name-server ( 8.8.8.8; ) name-r...