I know this is an old thread but the thing that got this working for me last night was:
On the FritzBox: after selecting "
Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and clicking Next, use IP addresses where it asks for "Web address of the remote site" and "Web address of this FRITZ!Box".
On the Juniper: The IKE Gateway settings are as above, using the IP address of the FritzBox. The only other setting I needed was "local-identity inet ip.of.the.juniper" because my Juniper is behind another device that does NAT.
I tried using DNS names originally but couldn't get it to work. Using IP addresses everywhere bought it up straight away.------------------------------
Jeff Slattery
------------------------------
Original Message:
Sent: 05-19-2020 03:16
From: Unknown User
Subject: SRX ipsec with Fritzbox
Looks like the solution is simpeler than expected
On the fritzbox side choose connect to another fritzbox.
On the srx
edit security ike
policy fb-test { mode aggressive; proposal-set compatible; pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA}gateway fb-test { ike-policy fb-test; address ip-of-the-fritzbox; external-interface ge-0/0/0; version v1-only;}
edit security ipsec
proposal fritzbox { protocol esp; authentication-algorithm hmac-sha1-96; encryption-algorithm aes-256-cbc; lifetime-seconds 3600;}policy fb-test { perfect-forward-secrecy { keys group2; } proposals fritzbox;}vpn fb-test { bind-interface st0.1; ike { gateway fb-test; ipsec-policy fb-test; } establish-tunnels immediately;}