SRX Services Gateway
Contributor
Posts: 22
Registered: ‎06-21-2016
0 Kudos

IP Sec VPN implementation

Hi,

 

Can anyone tell me if it's possible to use IPSec VPN when there is only one SRX available, as I believe it is only possible when we have 2 x SRX devices.

 

Regards,

 

Mannan

Trusted Contributor
Posts: 74
Registered: ‎01-20-2017
0 Kudos

Re: IP Sec VPN implementation


Mannan wrote:

Can anyone tell me if it's possible to use IPSec VPN when there is only one SRX available, as I believe it is only possible when we have 2 x SRX devices.

 


Do you mean something like creating logical systems (like we do in MX) and creating an IPsec VPN between those logical systems in a single SRX?

Contributor
Posts: 22
Registered: ‎06-21-2016
0 Kudos

Re: IP Sec VPN implementation

IPSec for a user to access the resources securely at the site where the SRX is placed. I myself think it is only possible via SSL VPN with the NCP client, but the user does not have that license. Will the default IPSec VPN feature help in any way?

Trusted Contributor
Posts: 74
Registered: ‎01-20-2017
0 Kudos

Re: IP Sec VPN implementation

 

Do you want to use remote-access VPN on SRX with the default licence? The post below may help:

 

https://forums.juniper.net/t5/SRX-Services-Gateway/Remote-Access-License/td-p/94802

 

 

 

Distinguished Expert
Posts: 5,122
Registered: ‎03-30-2009
0 Kudos

Re: IP Sec VPN implementation

There is a default 2 user license for remote access VPN on the SRX branch series.  The details of how to use this and whether it is SSL or IPSEC vary with the specific model and version of Junos running on the device.

 

What is your model and version?

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
Contributor
Posts: 22
Registered: ‎06-21-2016
0 Kudos

Re: IP Sec VPN implementation

Hi,




It's SRX 1500




Mannan






Recognized Expert
Posts: 611
Registered: ‎05-28-2015
0 Kudos

Re: IP Sec VPN implementation

The Dynamic-VPN is not supported:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB17436&actp=METADATA

IPSEC VPN is supported:
https://www.juniper.net/assets/jp/jp/local/pdf/datasheets/1000551-en.pdf
Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA Ingenious Champion]
https://srxtech.wordpress.com
Distinguished Expert
Posts: 5,122
Registered: ‎03-30-2009
0 Kudos

Re: IP Sec VPN implementation

I think those are out of date.  The release notes for version 15.1x49-d80 released earlier this year show the SRX1500 added dynamic VPN.  See pages 8-9.

 

http://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-note...

 

But they only mention the SSL variety which requires the NCP client as noted in the release notes.  You can get a 30 day trial to confirm it meets your needs but will need a license for the software after that.  The dynamic vpn allows 2 connections without a license on the SRX itself.

 

https://www.ncp-e.com/ncp-exclusive-remote-access-client/

 

Setup instructions for SSL vpn

 

https://forums.juniper.net/t5/Security/SSL-VPN-configuration-on-SRX-running-15-1X49-D80-4-or-higher/...

 

Since SSL VPN is IPSEC over SSL, you can try the open source Shrew client and see if you can get it to work.  But this is not specifically called out in the release notes so it might not.

Steve Puluka BSEET
Distinguished Expert
Posts: 1,118
Registered: ‎08-29-2013
0 Kudos

Re: IP Sec VPN implementation

[ Edited ]

Removed the post

Thanks,
Suraj
Distinguished Expert
Posts: 5,122
Registered: ‎03-30-2009
0 Kudos

Re: IP Sec VPN implementation

Suraj,

 

He is talking about what Junos calls Dynamic VPN or client to Firewall VPN for remote access.  Not Site-to-Site VPN.

Steve Puluka BSEET