SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Recognized Expert
Posts: 258
Registered: ‎11-06-2007

Try the new Site-to-Site VPN Configuration Tool (beta)

[ Edited ]

Hello.

We have a new configuration tool (beta) to assist you with your Site-to-Site VPN configurations on SRX Series and J Series devices:

Site-to-Site VPN Configuration Tool


Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!


Regards,

Josine Pentin

eSupport team

Message Edited by PentinProcessor on 08-25-2009 07:29 AM
Recognized Expert
Posts: 258
Registered: ‎11-06-2007

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

IMPORTANT NOTE:

 

We inadvertently posted the un-encrypted URL so please change any bookmarks you may have to the following:

    https://www.juniper.net/customers/support/configtools/vpnconfig.html

The tool requires potentially sensitive input (IP addresses, etc) and so should only be used via HTTPS/SSL.

 

We also require that you be logged in to use the tool. This helps us with our measurements for usage and is also an un-abashed attempt to get more people to register (your J-Net registration should be sufficient - if there are any problems please let us know).

 
Regards,
Josine Pentin
eSupport team

Distinguished Expert
Posts: 1,117
Registered: ‎01-10-2008
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Cool!!
best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Posts: 15
Registered: ‎09-09-2009
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

[ Edited ]

Does Juniper offer a comparable technology to Cisco's DMVPN with NHRP?

 

I have read a Juniper web page (Juniper wont allow me to post the link here) and it seems that Juniper does NOT support direct, spoke to spoke tunneling. All traffic has to go through the hub, it seems (hub and spoke).

 

Am I wrong?

 

Is there another flavor of site to site VPN other than what I am reading at this link?

 

It also seems ot be the casethat the hub must always be configured as you add new spokes and that there is no automatic and dynamic discovery of the spoke as there is with NHRP. NHTP (or whatever Juniper calls it) does not seem to offer the same functionality as NHRP.

 

Am I correct?

 

Thanks!

Message Edited by Juniper_Newbie on 09-13-2009 12:56 PM
New User
Posts: 4
Registered: ‎07-11-2009
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Yes there is auto connect vpn (ACVPN) which is currently only supported only screenos.
Contributor
Posts: 45
Registered: ‎10-20-2009
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

how can I get it to shove a GRE tunnel through the IPSec?  The tool seems to be good for very simple scenarios, but I'm trying to peer with a Cisco router that cannot do route-based VPN's, so we are using GRE over IPSec.  I can't seem to get it to work.

Contributor
Posts: 211
Registered: ‎08-07-2010
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

of course it will help for all  configuring vpn in juniper devices only ?????

Best Regards,
Ghan Shyam
=========================
CCNA,JNCIA-Junos,JNCIS-SEC
=========================
www.gsraut.com.np



If this help to solve your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.

Trusted Contributor
Posts: 446
Registered: ‎05-05-2008
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Look at "set security group-vpn" on 10.2R2+ (i think) or 10.3.

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
Contributor
Posts: 42
Registered: ‎09-20-2010
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

The comment page is not working for me.

 

Not sure if its correct, but for me only the "local static to remote static" option is working. Also, its not possible to have a default route to the remote site. i.e the remote network cannot be 0/0.

New User
Posts: 2
Registered: ‎10-07-2010
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Does this tool still work? I have tried in 3 different browsers and connot get it to generate a config. It seems to not like anything I put in the Public Network Interface (G) field - or at least it turns yellow when I hit the generate config button. Basically when I press the config button it turns the fileds green and says "Please Wait..." I have used it in the past successfully, but wondering if something is broken.

 

Thanks,

Jason

Contributor
Posts: 42
Registered: ‎07-21-2011
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

tools didn't seem to be working, got the "please wait" after submit the request.....

 

thanks

Trusted Expert
Posts: 784
Registered: ‎11-01-2007
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Bad library update. We did a rollback and should be working now.

Visitor
Posts: 2
Registered: ‎01-27-2012
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Tool is AWESOME!  Thanks!  Now I just can't figure out why I can not ping accross the VPN.  No policies deny this.  Err!

Visitor
Posts: 9
Registered: ‎03-30-2012
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Juniper's stuff not working seems to be a common theme as of late

Contributor
Posts: 12
Registered: ‎09-18-2012
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Great tool, thanks

Regards

Charlie M
JNCIA-JUNOS, JNCIS-SEC, JNCIS-SP
Visitor
Posts: 6
Registered: ‎05-24-2012
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Another Fail by Juniper, the H option only allows you to use static VPN to Static VPN, although in the information icon it clearly has muliple selection that should be able to select. 

 

We have bought and paid for 6 SRX firewalls and Juniper apparently has big issues with VPN's. We decided to choose Juniper as they were already on our network and field sites yet all my heart burn has been with VPN's and I have many of Juniper ATAC's working on issues that are over a month old, that they want to downgrade without fixing the issues. We are  very close to getting the legal department involved in this big purchase we made last november. 

 

How about getting SRX (static) to SSG (Dynamic) working. I have spent more time on these VPN's then an other firewll I have every dealt with. I have installed Symantecs, Check Point, Cyberguard, ASA, PIXs, and Sidewinders with no where near the issues that these SRX's have. not to mention the complete fail of VPN's in the virtual firewall, did I mention the 7500.00 exspense for the virtual firewall that we are unable to use because of these tunnels. What a waste of tax payers money.

 

Recognized Expert
Posts: 265
Registered: ‎09-12-2011
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

"Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!"

 

There is no "Comments" link. Fail.

 

It's site-to-site. It only generates the config for one side. So, something less than a 50% score.

Super Contributor
Super Contributor
Posts: 171
Registered: ‎04-14-2013
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

Looks good

Contributor
Posts: 95
Registered: ‎03-27-2011
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

it is very good .

Thanks
Maung Tan
data edge limited
Contributor
Posts: 111
Registered: ‎03-24-2014
0 Kudos

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

This is amazing, thats for taking the time to make this tool.