Author: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

IPSEC VPN between SRX and Cisco

In this post, I would like to share my site-to-site IPsec VPN configuration between srx100 (junos 11.1R4.4) and cisco3725 (ios 12.4) (on dynamips).

Cisco Configuration

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco3725
!
boot-start-marker
boot-end-marker
!
enable password 7 030455DDD03241D1C5A
!
no aaa new-model
!

IPSEC VPN between SRX and Netscreen

Below you will find my IPsec VPN configuration between an SRX100 device and Netscreen 5GT. Here is the topology;

Protected Networks on Netscreen: 10.10.10.0/24
Protected Network on SRX : 192.168.0.0/24

ns5gt-> get sys | inc Software
Software Version: 5.4.0r3.0, Type: Firewall+VPN

root@hub> show version
Hostname: hub
Model: srx100h
JUNOS Software Release [11.1R4.4]

JNCIP-SEC exam

When I was studying for the JNCIP-SEC exam, I decided to book my exam just to force myself to study more efficiently in a time-constrained way. I think this is the way it should be and on Monday afternoon, I passed the exam. It was definitely a challenging exam for me. What I like about juniper exams

How to write SRX IDP Custom Attack/Signature

Here is a sample configuration of a custom attack on SRX. It is very basic: it only blocks URLs having *.exe in the path and sends a RST back to the client. My regex might not be 100% correct, but it has no purpose other than showing a simple configuration; 1) Configure custom attack

How to enable IDP on SRX

If you want to enable IDP on an SRX device, you have to issue a certain number of commands, which I list step by step from scratch; 1) Install license first if it hasn’t been installed yet. You can see if it is installed or not via “show system license installed” if this command doesn’t give

JNCIP-SEC [ 5 – Advanced IPSEC ] Part 1

Yes, again I would like to write something about IPsec VPN. It won’t cover everything about the JNCIP-SEC exam but I would like to compile something that I can also use in the future as a reference. As I have said in my previous posts, any constructive comment or feedback is welcome. Let’s get started. 1) Point

JNCIP-SEC [ 4 – High Availability ]

Today’s post is about high availability, which is one of the topics of the JNCIP-SEC exam. This post doesn’t cover everything though, as it only reflects my self studies. Let’s get started. Test Topology Test Platform: 2 x SRX 210 with JunOS 10.4R6.5 Before starting configuration of my srx 210s for cluster, I must remove some

JNCIP-SEC [ 3 – Advanced NAT ]

In this post I would like to do some experiments on Advanced NAT topics. According to the detailed exam guide, here are the details:
1) Given a scenario, describe and implement static, source, destination, and dual NAT
2) Describe and implement variations of persistent NAT
3) Given a scenario, describe the interaction between NAT and security