IPSEC between StrongSwan and SRX

In one of my earlier posts I provided my configuration for an IPSEC VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route based IPSEC tunnel between StrongSwan (pre-shared key) and SRX firewall. Topology of my setup is below;


Tunnel Peers: debian1 and j41
Tunnel End point addresses: debian1( — j41(
Protected Networks: debian1( — j41(
SRX Junos Release: 12.1X46-D15.3
StrongSwan Release: 4.5.2-1.5+deb7u2


Create your strongswan configuration files as below;



Strongswan config is this much, now SRX config.


As I have several configuration for different peers, you can see IKE proposal,policy and gateway configuration in order.


IPSEC config is also in the same order proposal,policy and vpn.

Let’s verify this setup on two sides;



As you can see tunnel is established properly. I have tested this config two times on these releases. I hope there isn’t any mistake so far. I haven’t passed traffic on this setup as my purpose was to see how the configuration is done but I don’t think there should be a problem. Should you have any feedback, please feel free to comment!

One thought on “IPSEC between StrongSwan and SRX

  1. Arslan

    I am trying to do the same task and succeful in making th tunnel but traffic is not passing through..please do some favor for me


You have a feedback?