Category: ipsec

IPsec NULL Encryption & NULL Authentication

Have you ever wanted to test an IPsec tunnel but wanted to see the packets in clear text instead of all that encrypted gibberish? One of the ways, and to me the easiest one, is to use NULL encryption. In this post we will see how we can leverage this no-encryption method. Below
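With NULL encryption the ESP payload travels in clear text and only the integrity check (ICV) remains, so what a sniffer shows is the raw ESP framing around the inner packet. The following Python is an added example, not code from the post: it builds and decodes an ESP packet with NULL encryption (RFC 2410) and HMAC-SHA1-96 integrity (RFC 2404), shows the SPI, sequence number, trailer and inner payload that become readable, and shows that a single flipped bit still fails the ICV check. The authentication key, SPI and inner payload are constructed test values, not captures from any lab.

```python
"""Decode and authenticate ESP packets that use NULL encryption (RFC 2410)
with HMAC-SHA1-96 integrity (RFC 2404). Added example; the key, SPI and
inner payload below are constructed test data, not values from any lab."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ESP_HEADER_LEN = 8    # SPI (4 bytes) + sequence number (4 bytes), RFC 4303
ESP_TRAILER_LEN = 2   # pad length (1 byte) + next header (1 byte)
ICV_LEN = 12          # HMAC-SHA1-96 truncates the 20-byte HMAC to 96 bits
NULL_ALIGN = 4        # RFC 2410: the NULL cipher still needs 4-byte alignment


@dataclass
class EspPacket:
    spi: int
    seq: int
    next_header: int   # 4 = IPv4 inside (tunnel mode), 6 = TCP, 17 = UDP, ...
    payload: bytes     # the inner packet, readable because encryption is NULL


def _icv(auth_key: bytes, authenticated: bytes) -> bytes:
    """ICV over SPI, sequence number, payload, padding and trailer."""
    return hmac.new(auth_key, authenticated, hashlib.sha1).digest()[:ICV_LEN]


def build_esp_null(spi: int, seq: int, next_header: int,
                   payload: bytes, auth_key: bytes) -> bytes:
    """Emit an ESP packet the way a NULL-encryption sender would."""
    pad_len = (-(len(payload) + ESP_TRAILER_LEN)) % NULL_ALIGN
    padding = bytes(range(1, pad_len + 1))   # default monotonic padding, RFC 4303 2.4
    authenticated = (struct.pack("!II", spi, seq) + payload + padding
                     + bytes([pad_len, next_header]))
    return authenticated + _icv(auth_key, authenticated)


def parse_esp_null(pkt: bytes, auth_key: bytes) -> EspPacket:
    """Verify the ICV and split the packet into its fields.

    Raises ValueError when the ICV does not match (tampering or wrong key)
    or when the trailer is inconsistent with the packet length."""
    if len(pkt) < ESP_HEADER_LEN + ESP_TRAILER_LEN + ICV_LEN:
        raise ValueError("packet too short for ESP header, trailer and ICV")
    authenticated, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    # Check integrity first: with NULL encryption the ICV is the only thing
    # protecting the packet, so nothing is trusted before this passes.
    if not hmac.compare_digest(icv, _icv(auth_key, authenticated)):
        raise ValueError("ICV mismatch: packet modified or wrong authentication key")
    spi, seq = struct.unpack("!II", authenticated[:ESP_HEADER_LEN])
    pad_len, next_header = authenticated[-2], authenticated[-1]
    payload_end = len(authenticated) - ESP_TRAILER_LEN - pad_len
    if payload_end < ESP_HEADER_LEN:
        raise ValueError("pad length larger than the packet")
    return EspPacket(spi, seq, next_header, authenticated[ESP_HEADER_LEN:payload_end])


def is_authentic(pkt: bytes, auth_key: bytes) -> bool:
    """True when the packet parses and its ICV verifies under auth_key."""
    try:
        parse_esp_null(pkt, auth_key)
        return True
    except ValueError:
        return False


# Constructed sample: made-up authentication key, SPI and a stand-in for the
# inner IPv4 packet (next header 4 = IP-in-IP, i.e. tunnel mode).
AUTH_KEY = bytes(range(20))
SAMPLE_PACKET = build_esp_null(0x0000C0DE, 7, 4, b"inner IPv4 packet", AUTH_KEY)

if __name__ == "__main__":
    esp = parse_esp_null(SAMPLE_PACKET, AUTH_KEY)
    print(f"SPI {esp.spi:#010x} seq {esp.seq} next header {esp.next_header}")
    print("payload as seen on the wire:", esp.payload)   # no decryption needed
    forged = bytearray(SAMPLE_PACKET)
    forged[ESP_HEADER_LEN] ^= 0x01                       # flip one payload bit
    print("tampered packet accepted?", is_authentic(bytes(forged), AUTH_KEY))
```

The trailer sits at a fixed offset from the end (pad length and next header just before the 12-byte ICV), which is why a capture of a NULL-encrypted tunnel is easy to dissect by eye; the same framing is there with a real cipher, only the payload and trailer are opaque.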

Practical guide to IPsec DPD

Finally my virtual SRX lab is ready for my DPD tests. As you might know, DPD (Dead Peer Detection) is a method used to detect whether an IPsec peer is alive or not. Here we will see the ways DPD can be configured and also why we really need a monitoring method like DPD. I

IPSEC between SRX and VYOS

I wasn’t aware of the VYOS security device until I was searching for a virtual Vyatta appliance. Then I learned that Vyatta was actually acquired by Brocade and that after that a community fork of Vyatta, which is now VYOS, was brought to life. VYOS uses strongSwan for IPSEC and in this post I will show

IPSEC Traffic Selector in SRX

Starting from the 12.1X46-D10 release, SRX has a new feature called traffic selector. Details of the feature can be found at the Juniper page here. In a nutshell, it is similar to the proxy-id but has some major differences. By using proxy ids we can even establish two IPSEC tunnels to the same tunnel end point or
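One of the differences between IKEv1 proxy-IDs and IKEv2 traffic selectors is how a mismatch is handled: strict IKEv1 peers (SRX among them) need mirror-image proxy-IDs or phase 2 fails, while an IKEv2 responder may narrow the initiator's proposal down to the overlap with its own policy (RFC 7296 section 2.9). The following Python models both behaviours; it is an added example, not code or configuration from the post or from Junos, and the address ranges, protocol and port values are made up.

```python
"""IKEv2 traffic selector narrowing (RFC 7296 section 2.9) next to IKEv1
proxy-ID matching. Added example: the selectors below are made-up values."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY_PROTO = 0  # protocol 0 in a TS_IPV4_ADDR_RANGE means "any protocol"


@dataclass(frozen=True)
class TrafficSelector:
    first: ipaddress.IPv4Address
    last: ipaddress.IPv4Address
    proto: int = ANY_PROTO
    first_port: int = 0
    last_port: int = 65535

    @classmethod
    def from_cidr(cls, cidr: str, proto: int = ANY_PROTO,
                  first_port: int = 0, last_port: int = 65535) -> "TrafficSelector":
        net = ipaddress.IPv4Network(cidr, strict=False)
        return cls(net.network_address, net.broadcast_address, proto, first_port, last_port)

    def __str__(self) -> str:
        return (f"{self.first}-{self.last} proto {self.proto} "
                f"ports {self.first_port}-{self.last_port}")


def narrow(proposed: TrafficSelector, allowed: TrafficSelector) -> Optional[TrafficSelector]:
    """Intersection of two selectors, or None when they do not overlap."""
    first, last = max(proposed.first, allowed.first), min(proposed.last, allowed.last)
    if first > last:
        return None
    if proposed.proto == ANY_PROTO:
        proto = allowed.proto
    elif allowed.proto in (ANY_PROTO, proposed.proto):
        proto = proposed.proto
    else:
        return None
    first_port = max(proposed.first_port, allowed.first_port)
    last_port = min(proposed.last_port, allowed.last_port)
    if first_port > last_port:
        return None
    return TrafficSelector(first, last, proto, first_port, last_port)


Policy = Tuple[TrafficSelector, TrafficSelector]  # (responder local, responder remote)


def ikev2_responder_select(tsi: List[TrafficSelector], tsr: List[TrafficSelector],
                           policies: List[Policy]
                           ) -> Optional[Tuple[TrafficSelector, TrafficSelector]]:
    """Pick the (TSi, TSr) pair the responder sends back.

    The initiator's TSi describes the initiator's side, so it is matched
    against the responder's *remote* selector and TSr against the *local*
    one. The first policy overlapping both wins; the proposal is narrowed
    to the overlap instead of being rejected outright."""
    for local, remote in policies:
        for i in tsi:
            for r in tsr:
                narrowed_i, narrowed_r = narrow(i, remote), narrow(r, local)
                if narrowed_i is not None and narrowed_r is not None:
                    return narrowed_i, narrowed_r
    return None


def ikev1_proxy_id_match(local_id: TrafficSelector, remote_id: TrafficSelector,
                         peer_local_id: TrafficSelector,
                         peer_remote_id: TrafficSelector) -> bool:
    """IKEv1 quick mode on a strict peer: the IDs must mirror each other exactly."""
    return local_id == peer_remote_id and remote_id == peer_local_id


# Constructed scenario: the initiator proposes its whole /16 towards the
# responder's /24; the responder only allows one /24 and only HTTPS.
INITIATOR_TSI = [TrafficSelector.from_cidr("10.1.0.0/16")]
INITIATOR_TSR = [TrafficSelector.from_cidr("10.2.2.0/24")]
RESPONDER_POLICIES: List[Policy] = [
    (TrafficSelector.from_cidr("10.2.2.0/24", proto=6, first_port=443, last_port=443),
     TrafficSelector.from_cidr("10.1.1.0/24")),
]

if __name__ == "__main__":
    chosen = ikev2_responder_select(INITIATOR_TSI, INITIATOR_TSR, RESPONDER_POLICIES)
    print("IKEv2 narrowed TSi:", chosen[0] if chosen else None)
    print("IKEv2 narrowed TSr:", chosen[1] if chosen else None)
    print("IKEv1 proxy-ID match:", ikev1_proxy_id_match(
        INITIATOR_TSI[0], INITIATOR_TSR[0],
        RESPONDER_POLICIES[0][0], RESPONDER_POLICIES[0][1]))
```

The same proposal that is narrowed to 10.1.1.0/24 towards 10.2.2.0/24 on TCP 443 under IKEv2 is simply refused under IKEv1 exact matching, which is the usual reason a "proxy-ID mismatch" shows up in phase 2 debugging when both sides think their networks are configured correctly.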

IPSEC between StrongSwan and SRX

In one of my earlier posts I provided my configuration for an IPSEC VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route-based IPSEC tunnel between StrongSwan (pre-shared key) and an SRX firewall. The topology of my setup is below; Tunnel Peers: debian1

Certificate VPN: Public key lookup failed

During one of my IPSEC VPN tests using certificate authentication, I received the following error, which really baffled me: ike_find_public_key: Find public key for 192.168.1.1:500, id = No Id -> 192.168.2.1:500, id = fqdn(any:0,[0..19]=srx1.example.com) ikev2_fb_find_public_key_cb: Public key lookup failed, error 'Authentication failed' ike_policy_reply_find_public_key: Start 192.168.1.1:500 (Responder) 192.168.2.1:500 { b0c74fc4 ae9a22d3 - d1afb9e8 a67a0c00 [-1]

Certificate based IPSEC VPN in SRX

Here I will share how I connected two SRX boxes via IPSEC VPN using certificate authentication instead of a pre-shared key. Here is the outline: 1) Create a certificate authority in Linux 2) Create a CA profile on SRX 3) Generate a certificate request 4) Sign the certificate 5) Load the certificates 6) Configure IPSEC/VPN 7) Verification

JNCIE-SEC : Dynamic VPN

In today’s post I will write about how we can set up a Dynamic VPN connection towards an SRX device in several scenarios. This is part of my JNCIE-SEC studies, although I am falling very behind my schedule :( Let’s get started: IPsec VPNs Implementation of IPsec VPNs Multipoint tunnels Policy and route-based VPNs Traceoptions Dual and backup