Moreover, if you are Indonesian and new to firewall devices, especially Juniper SRX, please learn from the beginning on our YouTube: JNCIA-Sec: Juniper SRX Devices

We will configure a policy-based site-to-site VPN to connect the private networks on vSRX-1 (LAN1 and LAN2) and vSRX-2 (LAN3). We will manually configure the IKE and IPsec proposal parameters.

Authentication method: pre-shared-key "Indonesia_2020"

To ensure we start with the same conditions, make sure you have configured the following.

On Public-Router, we just configure the addressing as usual. Of course, you can use another vendor's device as the router here, because we don't need any configuration here except for addressing.

For both VPN gateways (vSRX-1 and vSRX-2), we use vSRX 20.1R1. We have to configure addressing for the public and private interfaces. Then, we have to add a default route with Public-Router as the default gateway. We have to configure security policies to permit all traffic from the Private zone to the Public zone and from the Private zone to the Private zone. Optionally, I also configure the management interface and user login.

There is only the addressing configuration, we set the IP address according to the figure above (thumbnail) and set the default gateway to the vSRX devices.

If you are sure it is appropriate, let's start the configuration.

Make sure the Public zone allows inbound IKE packets (ISAKMP).

```
[edit security zones security-zone
set host-inbound-traffic system-services ike
```

We also need to create address-book entries for each private network (local and remote). We will use them to create security policies to allow traffic for each LAN.

```
[edit security zones security-zone
set address-book address LAN1 192.168.1.0/24
set address-book address LAN2 192.168.2.0/24
```
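Because the starting configuration already permits all traffic from the Private zone to the Public zone, policy order matters once tunnel policies are built from these address-book entries: Junos evaluates the policies of a zone pair top-down and the first match wins. The sketch below is an added example, not part of the original post; it models that lookup in Python, and the policy names and the LAN3 prefix are constructed because the page does not give them.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str      # hypothetical policy name
    src: str       # source prefix (address-book entry)
    dst: str       # destination prefix (address-book entry)
    action: str    # "permit" (plain forwarding) or "tunnel" (permit into the IPsec VPN)

def first_match(policies, src_ip, dst_ip):
    """Return the first policy matching the flow, as a top-down lookup does."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p
    return None  # no match: the device's default policy would apply

def shadowed_tunnel_policies(policies):
    """Names of tunnel policies fully covered by an earlier non-tunnel policy."""
    shadowed = []
    for i, p in enumerate(policies):
        if p.action != "tunnel":
            continue
        ps, pd = ipaddress.ip_network(p.src), ipaddress.ip_network(p.dst)
        for e in policies[:i]:
            es, ed = ipaddress.ip_network(e.src), ipaddress.ip_network(e.dst)
            if e.action != "tunnel" and ps.subnet_of(es) and pd.subnet_of(ed):
                shadowed.append(p.name)
                break
    return shadowed

LAN1, LAN2 = "192.168.1.0/24", "192.168.2.0/24"  # prefixes from the page
LAN3 = "192.168.3.0/24"                          # constructed: not given on the page
PERMIT_ALL = Policy("permit-all", "0.0.0.0/0", "0.0.0.0/0", "permit")
TUNNELS = [Policy("LAN1-to-LAN3", LAN1, LAN3, "tunnel"),
           Policy("LAN2-to-LAN3", LAN2, LAN3, "tunnel")]

# Private -> Public policy list in two orders (constructed sample data).
BAD_ORDER = [PERMIT_ALL] + TUNNELS    # tunnel policies appended after permit-all
GOOD_ORDER = TUNNELS + [PERMIT_ALL]   # tunnel policies placed first

if __name__ == "__main__":
    for label, order in (("permit-all first", BAD_ORDER), ("tunnels first", GOOD_ORDER)):
        hit = first_match(order, "192.168.1.10", "192.168.3.10")
        print(label, "->", hit.name, hit.action, "| shadowed:", shadowed_tunnel_policies(order))
```

With the permit-all policy first, traffic from LAN1 to the remote LAN matches it and never reaches the tunnel policy, so the tunnel policies have to sit above it in the list.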