Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN
// JNCIE-SEC #223 / RHCE / PCNSE
Have you ever wondered how the IP addresses are chosen in ICMP Time Exceeded error messages when you run a traceroute command? Recently I was analyzing an issue and this really made a difference in troubleshooting. I have done the analysis on an SRX firewall and a Linux device and got different results.
In one of my earlier posts I provided my configuration for an IPsec VPN setup between an SRX firewall and Linux with racoon. In this post, I will explain how you can set up a route-based IPsec tunnel between StrongSwan (pre-shared key) and an SRX firewall. The topology of my setup is below; Tunnel Peers: debian1
I will briefly show how you can set up a Layer 2 circuit between two packet-mode SRX boxes on the 12.1X46-D10 release. Simply put, if you set up a Layer 2 circuit between two sites, you can connect the same subnet between two different geographic locations over an MPLS cloud. Look at the following sample topology and assume
During one of my IPSEC VPN tests using certificate authentication, I have received the following error which really baffled me: ike_find_public_key: Find public key for 192.168.1.1:500, id = No Id -> 192.168.2.1:500, id = fqdn(any:0,[0..19]=srx1.example.com) ikev2_fb_find_public_key_cb: Public key lookup failed, error 'Authentication failed' ike_policy_reply_find_public_key: Start 192.168.1.1:500 (Responder) 192.168.2.1:500 { b0c74fc4 ae9a22d3 - d1afb9e8 a67a0c00 [-1]
In this post, you will find a quick introduction on how you can install Firefly Perimeter on KVM. I have always liked the CLI way of doing things, and KVM is pretty nice for this. Let’s install Firefly. Deploy the Firefly image: #bash /mnt/OS/junos-vsrx-12.1X46-D10.2-domestic.jva FF2 -i 2::host-bridge,default -s virtimages With one line you can install the image. Below is
As you might know, Firefly Perimeter, aka vSRX, the virtual firewall running on VMware ESX and KVM, can be downloaded as an evaluation here. I believe it is great for testing most functionality, for example an SRX cluster (High Availability), which is the topic of this post. Here I will show how you
Below you will find a simple example for those who use Linux iptables and now need to use SRX NAT. I am giving destination and source NAT examples on both systems so you can easily compare how NAT is configured in the two firewalls. In both scenarios I will use the following topology, in which ubuntu3 is
Juniper has released an article on mitigating the recent NTP amplification attack. If you haven’t seen it yet and have NTP enabled, check this article: http://kb.juniper.net/JSA10613
Juniper Networks has announced its virtual firewall solution, Firefly. Some details can be found here. It is a product which streamlines troubleshooting, protocol testing and lab setups. I am mostly interested in Firefly Perimeter, as it is JUNOS in a virtual environment, which I suppose most people have been waiting for for a long time. I
Here I will share how I have connected two SRX boxes via IPsec VPN by using certificate authentication instead of a pre-shared key. Here is the outline:
1) Create a certificate authority in Linux
2) Create a CA profile on the SRX
3) Generate a certificate request
4) Sign the certificate
5) Load the certificates
6) Configure IPsec/VPN
7) Verification