In one of my earlier posts I provided my configuration for an IPsec VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route-based IPsec tunnel between strongSwan (pre-shared key) and an SRX firewall. The topology of my setup is below:
Tunnel Peers: debian1 and j41
Tunnel endpoint addresses: debian1(192.168.3.11) — j41(212.45.64.2)
Protected Networks: debian1(10.33.1.0/24) — j41(10.34.1.0/24)
SRX Junos Release: 12.1X46-D15.3
StrongSwan Release: 4.5.2-1.5+deb7u2
LINUX
Create your strongSwan configuration files as below:
/etc/ipsec.conf
config setup
    charonstart=yes
    plutostart=yes

conn j41-srx
    # pre-shared key authentication; the key itself goes in /etc/ipsec.secrets
    authby=secret
    auto=start
    # the trailing "!" restricts negotiation to the listed proposals
    esp=aes128-sha1,3des-sha1!
    ike=aes128-sha1-modp2048,3des-sha1-modp1536!
    ikelifetime=28800
    keyexchange=ikev1
    leftid=@debian1.example.com
    rightid=@j41.example.com
    left=192.168.3.11
    right=212.45.64.2
    leftsubnet=10.33.1.0/24
    rightsubnet=10.34.1.0/24
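The ike= and esp= lines above each list a second, older proposal (3DES, and modp1536 for IKE) next to the AES one. As an added example, not part of the original post or of strongSwan, the Python below parses an ipsec.conf-style file, reports which proposals contain legacy algorithms, and builds the tightened proposal string. The LEGACY set is an assumed review policy and the function names are made up for this illustration.

```python
# Constructed sample: the proposal lines of the conn section shown above.
SAMPLE_CONF = """\
config setup
    plutostart=yes
conn j41-srx
    esp=aes128-sha1,3des-sha1!
    ike=aes128-sha1-modp2048,3des-sha1-modp1536!
"""

# Assumed review policy (not from the post): tokens treated as legacy.
LEGACY = {"des", "3des", "md5", "modp768", "modp1024", "modp1536"}

def parse_sections(text):
    """Return {(type, name): {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # "conn j41-srx", "config setup"
            kind, name = (line.split(None, 1) + [""])[:2]
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_proposals(text):
    """List (conn, parameter, proposal, legacy_token) for ike= and esp=."""
    findings = []
    for (kind, name), params in parse_sections(text).items():
        if kind != "conn":
            continue
        for key in ("ike", "esp"):
            for proposal in params.get(key, "").rstrip("!").split(","):
                for token in proposal.strip().split("-"):
                    if token in LEGACY:
                        findings.append((name, key, proposal.strip(), token))
    return findings

def without_legacy(value):
    """Drop every proposal that contains a legacy token; keep the strict '!'."""
    strict = "!" if value.endswith("!") else ""
    kept = [p.strip() for p in value.rstrip("!").split(",")
            if not any(t in LEGACY for t in p.strip().split("-"))]
    return ",".join(kept) + strict

if __name__ == "__main__":
    print(audit_proposals(SAMPLE_CONF))
```

A tightened proposal only negotiates if the SRX side is configured to offer the same remaining proposal, so change both peers together.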