IPSEC between SRX and VYOS

I wasn’t aware of the VYOS security device until I was searching for a virtual Vyatta appliance. Then I learned that Vyatta was actually acquired by Brocade, and after that a community fork of Vyatta, which is now VYOS, was brought to life. VYOS uses strongSwan for IPSEC, and in this post I will show how you can configure a simple site-to-site IPSEC VPN between an SRX security device and VYOS. Let’s dive right into the config.


First, configure IKE and IPSEC on the SRX side.

SRX IKE Config


Don’t forget the following either: family inet on the st tunnel interface, zone assignment, and allowing the IKE service on the external interface.
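
The three items above as Junos set commands, as an added example that is not the original post's configuration; the unit number st0.0, the zone names vpn and untrust, and the external interface ge-0/0/0.0 are assumptions to replace with your own:

```junos
# Added example; interface and zone names are assumptions.
# 1. Give the secure tunnel interface an IPv4 family
set interfaces st0 unit 0 family inet
# 2. Assign the tunnel interface to a security zone
set security zones security-zone vpn interfaces st0.0
# 3. Accept IKE on the external interface only
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
```

Scoping `ike` to the one external interface, rather than enabling it for the whole zone, keeps the SRX from answering IKE on interfaces that never terminate a tunnel.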

The SRX side of the IPSEC config is complete. Now the VYOS side:

VYOS Phase 2

VYOS Phase 1

Enable IPSEC on the interface

Remote Peer Config

Now it's verification time.



It seems everything is right. Both Phase 1 and Phase 2 SAs are installed. Now enjoy your tunnel :)
