[j-nsp] Help needed with IPSEC VPN on J-Series
Bill Sandiford
bill at telnetcommunications.com
Wed Mar 20 12:16:24 EDT 2013
For the most part this J-series has always just acted as a router without
any tunnels per se. As such, I have always had all interfaces in the
trust zone, as follows
zones {
security-zone trust {
tcp-rst;
host-inbound-traffic {
system-services {
any-service;
}
protocols {
all;
}
}
interfaces {
all;
}
}
}
Will this accomplish what you are suggesting?
On 2013-03-20 11:52 AM, "Patrick Dickey" <dickeypjeep at yahoo.com> wrote:
>I don't remember if the J series behaves exactly like the SRXs when it
>comes
>to IPSec, but if it is make sure to put the st0.x interface into a
>security
>zone and have a security policy allowing the traffic.
>
>I believe that's only a requirement if you're running the enhanced
>services/security code on the J, but I think you have to be to get IPSec.
>
>HTH
>
>
>-----Original Message-----
>From: juniper-nsp-bounces at puck.nether.net
>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Bill Sandiford
>Sent: Wednesday, March 20, 2013 8:47 AM
>To: juniper-nsp at puck.nether.net
>Subject: [j-nsp] Help needed with IPSEC VPN on J-Series
>
>Hi All,
>
>I need some help with an IPSEC tunnel that I just can't seem to get
>working
>on a J-6350. I have been able to get the tunnels to come up, but can't
>seem
>to pass traffic over the tunnels
>
>I've done the usual things. I've created an st0.0 interface and bound it
>to
>the tunnel using the bind-interface command. I've created a static route
>and pointed it at the st0.0 interface. I just can't seem to get traffic
>to
>pass over the tunnel.
>
>Any help or suggestions would be appreciated. I'm also willing to put a
>$$$
>bounty on this for anyone that is willing to help me get it working via
>teamviewer.
>
>Regards,
>Bill
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list