[j-nsp] Help needed with IPSEC VPN on J-Series

Bill Sandiford bill at telnetcommunications.com
Wed Mar 20 12:16:24 EDT 2013


For the most part this J-series has always just acted as a router without
any tunnels per se.  As such, I have always had all interfaces in the
trust zone, as follows:

zones {
    security-zone trust {
        tcp-rst;
        host-inbound-traffic {
            system-services {
                any-service;
            }
            protocols {
                all;
            }
        }
        interfaces {
            all;
        }
    }
}

Will this accomplish what you are suggesting?







On 2013-03-20 11:52 AM, "Patrick Dickey" <dickeypjeep at yahoo.com> wrote:

>I don't remember if the J series behaves exactly like the SRXs when it comes
>to IPSec, but if it does, make sure to put the st0.x interface into a security
>zone and have a security policy allowing the traffic.
>
>I believe that's only a requirement if you're running the enhanced
>services/security code on the J, but I think you have to be to get IPSec.
>
>HTH
> 
>
>-----Original Message-----
>From: juniper-nsp-bounces at puck.nether.net
>[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Bill Sandiford
>Sent: Wednesday, March 20, 2013 8:47 AM
>To: juniper-nsp at puck.nether.net
>Subject: [j-nsp] Help needed with IPSEC VPN on J-Series
>
>Hi All,
>
>I need some help with an IPSEC tunnel that I just can't seem to get working
>on a J-6350.  I have been able to get the tunnels to come up, but can't seem
>to pass traffic over the tunnels.
>
>I've done the usual things.  I've created an st0.0 interface and bound it to
>the tunnel using the bind-interface command.  I've created a static route
>and pointed it at the st0.0 interface.  I just can't seem to get traffic to
>pass over the tunnel.
>
>Any help or suggestions would be appreciated.  I'm also willing to put a $$$
>bounty on this for anyone that is willing to help me get it working via
>teamviewer.
>
>Regards,
>Bill
>
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
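
The two conditions named in the quoted reply (st0.x in a security zone, and a security policy allowing the traffic), written as an added example that is not part of the original thread: a Python check over Junos configuration text at the hierarchy level where the posted stanza starts. The function names and the `WITH_POLICY` sample are constructed for illustration; the check only looks for a policy with a `permit` action between the two zones and does not evaluate match conditions or any default policy.

```python
import re

# Zone stanza from the post, condensed onto two lines (tokens unchanged).
POSTED = """zones { security-zone trust { tcp-rst; host-inbound-traffic {
  system-services { any-service; } protocols { all; } } interfaces { all; } } }"""

# Constructed sample: the same zone plus a hypothetical intra-zone permit policy.
WITH_POLICY = POSTED + """ policies { from-zone trust to-zone trust {
  policy intra-trust { match { source-address any; destination-address any;
  application any; } then { permit; } } } }"""

def parse(text):
    """Brace-style config text -> nested dicts; leaf statements map to None."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return stack[0]

def zone_of(cfg, ifname):
    """Zone that lists ifname explicitly, else the zone that lists `all`."""
    zones = {k.split()[1]: (b or {}).get("interfaces") or {}
             for k, b in cfg.get("zones", {}).items() if k.startswith("security-zone ")}
    for wanted in (ifname, "all"):
        for name, members in zones.items():
            if wanted in members:
                return name
    return None

def permits(cfg, src, dst):
    """True if some policy in from-zone src to-zone dst has a permit action."""
    ctx = cfg.get("policies", {}).get(f"from-zone {src} to-zone {dst}") or {}
    return any(k.startswith("policy ") and "permit" in ((b or {}).get("then") or {})
               for k, b in ctx.items())

def audit_tunnel(text, tunnel_if, lan_zone):
    """Check both conditions from the reply: zone membership and policies."""
    cfg = parse(text)
    zone = zone_of(cfg, tunnel_if)
    return {"zone": zone,
            "lan_to_tunnel": zone is not None and permits(cfg, lan_zone, zone),
            "tunnel_to_lan": zone is not None and permits(cfg, zone, lan_zone)}
```

Run on the posted stanza alone, `audit_tunnel(POSTED, "st0.0", "trust")` reports st0.0 in `trust` through `interfaces all` and finds no policy, since the post includes no `policies` stanza to inspect.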



