[j-nsp] Help needed with IPSEC VPN on J-Series
Aaron Dewell
aaron.dewell at gmail.com
Wed Mar 20 12:29:12 EDT 2013
You'll also need a policy which allows traffic from trust to trust, i.e.:

set security policies from-zone trust to-zone trust policy <policy-name> match source-address any
set security policies from-zone trust to-zone trust policy <policy-name> match destination-address any
set security policies from-zone trust to-zone trust policy <policy-name> match application any
set security policies from-zone trust to-zone trust policy <policy-name> then permit

Cross-interface traffic is not allowed by default even within the same zone.

On Mar 20, 2013, at 10:16 AM, Bill Sandiford wrote:
> For the most part this J-series has always just acted as a router without
> any tunnels per se. As such, I have always had all interfaces in the
> trust zone, as follows
>
> zones {
>     security-zone trust {
>         tcp-rst;
>         host-inbound-traffic {
>             system-services {
>                 any-service;
>             }
>             protocols {
>                 all;
>             }
>         }
>         interfaces {
>             all;
>         }
>     }
> }
>
> Will this accomplish what you are suggesting?
>
> On 2013-03-20 11:52 AM, "Patrick Dickey" <dickeypjeep at yahoo.com> wrote:
>
>> I don't remember if the J series behaves exactly like the SRXs when it comes
>> to IPSec, but if it is, make sure to put the st0.x interface into a security
>> zone and have a security policy allowing the traffic.
>>
>> I believe that's only a requirement if you're running the enhanced
>> services/security code on the J, but I think you have to be to get IPSec.
>>
>> HTH
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Bill Sandiford
>> Sent: Wednesday, March 20, 2013 8:47 AM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Help needed with IPSEC VPN on J-Series
>>
>> Hi All,
>>
>> I need some help with an IPSEC tunnel that I just can't seem to get working
>> on a J-6350. I have been able to get the tunnels to come up, but can't seem
>> to pass traffic over the tunnels.
>>
>> I've done the usual things. I've created an st0.0 interface and bound it to
>> the tunnel using the bind-interface command. I've created a static route
>> and pointed it at the st0.0 interface. I just can't seem to get traffic to
>> pass over the tunnel.
>>
>> Any help or suggestions would be appreciated. I'm also willing to put a $$$
>> bounty on this for anyone that is willing to help me get it working via
>> teamviewer.
>>
>> Regards,
>> Bill
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
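
An offline check for the two conditions raised in this thread: the bound st0.x unit must belong to a security zone, and a permit policy must exist between the zones involved, including trust to trust. This is an added example, not code from any poster. It assumes the configuration is in `show configuration | display set` form, the VPN name `site-b` and the sample lines are constructed, and it only confirms that a permit policy exists, not what that policy matches.

```python
import re

ZONE_IF = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)")
BIND = re.compile(r"set security ipsec vpn \S+ bind-interface (\S+)")
PERMIT = re.compile(
    r"set security policies from-zone (\S+) to-zone (\S+) policy \S+ then permit")

# Constructed sample resembling the thread: every interface in "trust",
# a tunnel bound to st0.0, and no security policies at all.
SAMPLE = """\
set security ipsec vpn site-b bind-interface st0.0
set security zones security-zone trust interfaces all
"""

def audit(config):
    """Return findings that would stop traffic crossing a bound st0.x unit."""
    zone_of, catch_all, tunnels, permits = {}, None, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ZONE_IF.match(line):
            zone, ifname = m.groups()
            if ifname == "all":
                catch_all = zone              # this zone claims every interface
            else:
                zone_of[ifname] = zone
        elif m := BIND.match(line):
            tunnels.add(m.group(1))
        elif m := PERMIT.match(line):
            permits.add(m.groups())
    findings = []
    for st in sorted(tunnels):
        tz = zone_of.get(st, catch_all)       # zone holding the tunnel unit
        if tz is None:
            findings.append(f"{st}: not assigned to any security zone")
            continue
        # Zones holding the non-tunnel interfaces that traffic arrives on.
        peers = {z for i, z in zone_of.items() if i not in tunnels}
        if catch_all:
            peers.add(catch_all)
        for pz in sorted(peers):
            # Intra-zone traffic collapses to the single pair (tz, tz).
            for src, dst in sorted({(pz, tz), (tz, pz)}):
                if (src, dst) not in permits:
                    findings.append(
                        f"{st}: no permit policy from-zone {src} to-zone {dst}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
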