11-01-2008 04:17 AM
11-01-2008 08:32 PM
So it sounds like you want to set up an IPSec tunnel between the two sites. What version of JUNOS do you have? The reason I ask is IPSec configuration is quite different between packet-based JUNOS and JUNOS with enhanced services. If JUNOS with enhanced services, I would recommend a route-based VPN. You can find application notes for JUNOS with enhanced services at http://kb.juniper.net/KB10182.
11-02-2008 11:43 AM
If you are using the Export edition, it doesn't have any encryption functionality in it (due to the export restrictions). You need to apply for permission to download the 'domestic' version of JUNOS to have any encryption.
Can you put the output of "show version" in a response to confirm it's not ES. I'm pretty sure you're not running ES, though.
11-03-2008 12:01 AM
That doesn't look like the full output of "show version" :-) but never mind.
As Richard said, the configuration of IPsec in JUNOS and in JUNOS-ES are quite different. Since the kb to which Richard provided a link is for JUNOS-ES, I doubt that you'll be able to use it with regular, packet based JUNOS.
So, you have a couple of choices.
1) upgrade to a domestic version of JUNOS, which requires that you complete an online form (accessible from the download pages when you try, and fail, to download the domestic version). Then you'll need to take a look at http://www.juniper.net/techpubs/software/junos/
2) upgrade to a domestic version of JUNOS-ES. The same restrictions apply wrt completing the form since it also contains encryption technologies, the export of which is controlled by the US government. Then use the kb to which Richard pointed to help you configure your box.
NOTE: Going to JUNOS-ES has some constraints. JUNOS-ES can run in flow mode or packet mode. When in flow mode, you get a lot of the benefits of a stateful firewall. However, you currently cannot run MPLS in flow mode so, if you require MPLS then stick for now with the regular JUNOS and use option 1.