SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Route Based VPN Terms

    Posted 03-16-2023 03:07

    Hi Guys,

    Please clarify the terminology below in a simple way (in route-based VPN).

    Local IP

    remote tunnel-ip

     Local IKE-ID:

    Remote IKE-ID

    Traffic Selector

    and creating a route-based VPN:

    ike proposal, ike policy, ike gateway, IPsec proposal, IPsec policy, IPsec vpn, NAT source rule-set, NAT destination rule-set

    From the above, what are the Phase 1 terms (in phase 1, which ones are created)?

    What are the Phase 2 terms (in phase 1, which ones are created)?

    Please clarify the above terms. Thanks in advance.

    Regards,

    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------


  • 2.  RE: Route Based VPN Terms

     
    Posted 03-16-2023 03:20

    Local IP (the local user / network IP which needs to be passed via VPN)

    remote tunnel-ip (the IP of the users / network on the remote side which should be accessed via VPN)

    Local IKE-ID: The identity of your negotiation; either you can configure this manually or the IP address of your external interface will be used. It is the ID payload in the 5th and 6th packets of the IKE negotiation.

    Remote IKE-ID: ID value of the peer side for phase 1 negotiation.

    Traffic Selector: The configuration of local IP and remote-ip

    and creating a route-based VPN:

    ike proposal, ike policy, ike gateway, IPsec proposal, IPsec policy, IPsec vpn, NAT source rule-set, NAT destination rule-set

    Q: From the above, what are the Phase 1 terms (in phase 1, which ones are created):

    Ans: ike proposal, ike policy, ike gateway

    Q: What are the Phase 2 terms (in phase 1, which ones are created)

    Ans: IPsec proposal, IPsec policy, IPsec vpn

    NAT source rule-set and NAT destination rule-set are optional.

    Regards,



    ------------------------------
    Brijil R
    ------------------------------



  • 3.  RE: Route Based VPN Terms

    Posted 03-16-2023 03:37
    Edited by Rakesh A 03-16-2023 03:40

    Hi Brijil,

    What is the use of Traffic Selector and Encryption Domain, and for phase 2 negotiation, which terms do we use (these three terms, right: IPsec proposal, IPsec policy, IPsec vpn)?

    Thanks

    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------



  • 4.  RE: Route Based VPN Terms

     
    Posted 03-17-2023 00:49

    Hello,

    Traffic selector: It decides what traffic should be allowed through the tunnel.

    Encryption Domain: It is basically the mapping of source and destination which should traverse through the VPN.

    For phase 2 negotiation, which terms we used (these three terms, right: IPsec proposal, IPsec policy, IPsec vpn): Yes, IPsec basically contains the 3 things below:

    ipsec proposal: it's where you configure your preferences on encryption algorithm, hashing, lifetime, protocol, etc.
    ipsec policy: here you call in the IPsec proposal and configure PFS.
    ipsec vpn: here you call in the IPsec policy and the IKE gateway it should be mapped to, bind the ST interface, etc.

    Regards,



    ------------------------------
    Brijil R
    ------------------------------
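
The objects named in the answers above, laid out as Junos `set` commands for one route-based VPN and grouped by phase. This is an added example, not a configuration posted by anyone in the thread; every object name, the interfaces, the addresses (documentation ranges), the algorithm choices and the pre-shared-key placeholder are assumptions.

```junos
# Added example: all names, addresses and algorithm choices are assumed.

# Phase 1 (IKE): proposal -> policy -> gateway
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike proposal IKE-PROP lifetime-seconds 28800

set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposals IKE-PROP
# Placeholder secret, replace before use
set security ike policy IKE-POL pre-shared-key ascii-text "REPLACE-WITH-SHARED-SECRET"

set security ike gateway GW-REMOTE ike-policy IKE-POL
set security ike gateway GW-REMOTE address 203.0.113.2
set security ike gateway GW-REMOTE external-interface ge-0/0/0.0
# Local and remote IKE-ID; if local-identity is omitted, the
# external interface address is used as the ID
set security ike gateway GW-REMOTE local-identity inet 198.51.100.1
set security ike gateway GW-REMOTE remote-identity inet 203.0.113.2

# Phase 2 (IPsec): proposal -> policy -> vpn
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec proposal IPSEC-PROP lifetime-seconds 3600

# The policy references the proposal and sets PFS
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14

# The vpn references the IPsec policy and IKE gateway and binds st0
set interfaces st0 unit 0 family inet
set security ipsec vpn VPN-REMOTE bind-interface st0.0
set security ipsec vpn VPN-REMOTE ike gateway GW-REMOTE
set security ipsec vpn VPN-REMOTE ike ipsec-policy IPSEC-POL

# Traffic selector: local-ip / remote-ip pair allowed through the tunnel
set security ipsec vpn VPN-REMOTE traffic-selector TS1 local-ip 10.1.1.0/24
set security ipsec vpn VPN-REMOTE traffic-selector TS1 remote-ip 10.2.2.0/24
```

The st0.0 interface also has to be placed in a security zone with policies permitting the traffic; that part and the optional NAT rule-sets are left out here.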