SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX ipsec with Fritzbox

    Posted 05-19-2020 02:33

    Good day,

     

    I am trying to establish a tunnel with a Juniper SRX 210 on one side and an AVM Fritzbox on the other side.

    I found http://ebsa.nl/Home/Site_to_Site_VPN_Juniper_SRX_to_Fritz%21Box and it looks like the tunnel is up, but the SRX isn't receiving data (also with 3des-cbc).

    There is, however, a default option to connect to "a company firewall", which would be the preferred solution.

    This option requires "VPN user name (Key ID):" and a PSK,

    but I have no idea what the username should be.

    Any information would be appreciated.



  • 2.  RE: SRX ipsec with Fritzbox
    Best Answer

    Posted 05-19-2020 03:17

    Looks like the solution is simpler than expected.

    On the Fritzbox side, choose connect to another Fritzbox.

    On the SRX:

    edit security ike

    policy fb-test {
        mode aggressive;
        proposal-set compatible;
        pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
    }
    gateway fb-test {
        ike-policy fb-test;
        address ip-of-the-fritzbox;
        external-interface ge-0/0/0;
        version v1-only;
    }

    edit security ipsec

    proposal fritzbox {
        protocol esp;
        authentication-algorithm hmac-sha1-96;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 3600;
    }
    
    policy fb-test {
        perfect-forward-secrecy {
            keys group2;
        }
        proposals fritzbox;
    }
    
    vpn fb-test {
        bind-interface st0.1;
        ike {
            gateway fb-test;
            ipsec-policy fb-test;
        }
        establish-tunnels immediately;
    }
    

     



  • 3.  RE: SRX ipsec with Fritzbox

    Posted 02-17-2022 09:36
    I know this is an old thread but the thing that got this working for me last night was:

    On the FritzBox: after selecting "Connect your home network with another FRITZ!Box network (LAN-LAN linkup)" and clicking Next, use IP addresses where it asks for "Web address of the remote site" and "Web address of this FRITZ!Box".

    On the Juniper: The IKE Gateway settings are as above, using the IP address of the FritzBox.  The only other setting I needed was "local-identity inet ip.of.the.juniper" because my Juniper is behind another device that does NAT.

    I tried using DNS names originally but couldn't get it to work.  Using IP addresses everywhere brought it up straight away.


    ------------------------------
    Jeff Slattery
    ------------------------------
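
A check that can be run over the IKE/IPsec stanzas posted in the answer above, as an added example that is not part of any post in this thread and not a Juniper tool: it walks the brace-style configuration and lists the statements that select legacy IKE parameters. The rule list, the function names and the trimmed sample (with a placeholder key) are assumptions of this example.

```python
import re

# Constructed sample: the stanzas from the answer above, trimmed, PSK replaced.
SAMPLE = """\
policy fb-test {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "placeholder"; ## SECRET-DATA
}
gateway fb-test {
    version v1-only;
}
proposal fritzbox {
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
}
policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
}
"""

# Statement pattern -> note. The rule set is this example's own assumption.
RULES = [
    (r"mode aggressive", "aggressive mode with a PSK permits offline guessing; use a long random key"),
    (r"version v1-only", "IKEv1 only; prefer IKEv2 where the peer supports it"),
    (r"proposal-set \S+", "predefined proposal set; pin an explicit proposal instead"),
    (r"keys group[125]", "DH group is 1536-bit MODP or smaller"),
    (r"authentication-algorithm hmac-(md5|sha1)-96", "legacy integrity algorithm"),
    (r"encryption-algorithm 3?des-cbc", "legacy cipher"),
]

def statements(text):
    """Yield (path, statement) for every ';'-terminated statement."""
    path = []
    for raw in text.splitlines():
        line = re.sub(r"\s*##.*$", "", raw).strip()  # drop trailing ## annotations
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}" and path:
            path.pop()
        elif line.endswith(";"):
            yield " > ".join(path), line[:-1].strip()

def audit(text):
    """Return (path, statement, note) for each statement that matches a rule."""
    return [(p, s, note) for p, s in statements(text)
            for pat, note in RULES if re.fullmatch(pat, s)]
```

`audit(SAMPLE)` returns one tuple per flagged statement, with the enclosing stanza path so that the IKE policy and the IPsec policy of the same name can be told apart.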