Category: ipsec

JNCIE-SEC: IPSEC VPN between SRX and Cisco

In the JNCIE-SEC exam, one of the IPSEC topics is “Interoperability with 3rd party devices”. In one of my previous posts I had already written about this, but this time I will do a policy-based VPN on the SRX side.

IPsec VPNs: Implementation of IPsec VPNs; Multipoint tunnels; Policy and route-based VPNs; Traceoptions; Dual and backup tunnels

IPsec TCP-MSS, DF-BIT and Fragmentation

In my previous IPSEC troubleshooting post, I didn’t talk about how we approach performance issues, which is probably not a JNCIE-SEC topic but is very important for real networks. In this topology I will examine how throughput changes between two end points of an IPSEC tunnel depending on the configuration of

Dual IKE gateway with OSPF

I would like to share some of my IPSEC testing, which I hope is very close to a real-life example. Below is the topology of this lab. The J41 device is the IPSEC hub and the J23 and J21 devices are spokes. What I wanted to achieve is if J23 loses connectivity with the primary IKE end point

JWEB and Dynamic VPN page

There seems to be some confusion about how JWEB and the dynamic VPN authentication page work in parallel. I hope to give some tips I know in this post. For example, if you have the following config, what does it really mean for JWEB?

    [edit]
    root@srx# show system services
    web-management {
        https {
            system-generated-certificate;
            interface

IPSEC VPN between SRX and Cisco

In this post, I would like to share my site-to-site IPsec VPN configuration between srx100 (junos 11.1R4.4) and cisco3725 (ios 12.4) (on dynamips).

Cisco Configuration

    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Cisco3725
    !
    boot-start-marker
    boot-end-marker
    !
    enable password 7 030455DDD03241D1C5A
    !
    no aaa new-model
    !

IPSEC VPN between SRX and Netscreen

Below you will find my IPsec VPN configuration between an SRX100 device and a Netscreen 5GT. Here is the topology:

Protected Networks on Netscreen: 10.10.10.0/24
Protected Network on SRX: 192.168.0.0/24

    ns5gt-> get sys | inc Software
    Software Version: 5.4.0r3.0, Type: Firewall+VPN

    root@hub> show version
    Hostname: hub
    Model: srx100h
    JUNOS Software Release [11.1R4.4]

JNCIP-SEC [ 5 – Advanced IPSEC ] Part 1

Yes, again I would like to write something about IPsec VPN. It won’t cover everything about the JNCIP-SEC exam, but I would like to compile something that I can also use in the future as a reference. As I have said in my previous posts, any constructive comment or feedback is welcome. Let’s get started. 1) Point