Dear all,
Actually I'm implementing a VPN IPsec tunnel on our SRX3600.
The thing is, I already set up the configuration; however, before that I had already tested the connectivity of both peers (it was working fine). When I set up the configuration, the tunnel does not come up... The weirdest thing is that when I configure traceoptions on both IKE and IPsec, I see nothing between the local peer and the remote peer.
You will find hereafter the configuration on the SRX:
set interfaces st0 unit 12 description Tunnel_VIVI
set security ike proposal g1-aes256-sha-VIVI authentication-method pre-shared-keys
set security ike proposal g1-aes256-sha-VIVI dh-group group2
set security ike proposal g1-aes256-sha-VIVI authentication-algorithm sha1
set security ike proposal g1-aes256-sha-VIVI encryption-algorithm aes-256-cbc
set security ike proposal g1-aes256-sha-VIVI lifetime-seconds 86400
set security ike policy pol_VIVI mode main
set security ike policy pol_VIVI proposals g1-aes256-sha-VIVI
set security ike policy pol_VIVI pre-shared-key ascii-text "$9$RxucK8ws4DHmYg4JGDmPp0BIEyevLbwgdb"
set security ike gateway toVIVI ike-policy pol_VIVI
set security ike gateway toVIVI address W1.X1.Y1.Z1
set security ike gateway toVIVI external-interface reth9.1061
set security ike gateway toVIVI local-address W2.X2.Y2.Z2
set security ipsec proposal g2-aes256-sha-VIVI protocol esp
set security ipsec proposal g2-aes256-sha-VIVI authentication-algorithm hmac-sha1-96
set security ipsec proposal g2-aes256-sha-VIVI encryption-algorithm aes-256-cbc
set security ipsec proposal g2-aes256-sha-VIVI lifetime-seconds 3600
set security ipsec policy policy-VIVI-VPN perfect-forward-secrecy keys group2
set security ipsec policy policy-VIVI-VPN proposals g2-aes256-sha-VIVI
set security ipsec vpn VIVI-VPN bind-interface st0.12
set security ipsec vpn VIVI-VPN ike gateway toVIVI
set security ipsec vpn VIVI-VPN ike no-anti-replay
set security ipsec vpn VIVI-VPN ike proxy-identity local 0.0.0.0/0
set security ipsec vpn VIVI-VPN ike proxy-identity remote 192.168.10.0/24
set security ipsec vpn VIVI-VPN ike proxy-identity service any
set security ipsec vpn VIVI-VPN ike ipsec-policy policy-VIVI-VPN
set security ipsec vpn VIVI-VPN establish-tunnels immediately
The Cisco configuration:
crypto isakmp policy 40
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key 6 tobe@hidden address W2.X2.Y2.Z2
!
!
crypto ipsec transform-set VIVI-Building esp-aes 256 esp-sha-hmac
!
crypto map shellmap 40 ipsec-isakmp
 description Building Juniper Firewall SRX 3600
 set peer W2.X2.Y2.Z2
 set security-association lifetime seconds 3600
 set transform-set ESP-AES_256-SHA
 match address SNL_VPN2_TRAFFIC
interface Serial0/0/0
 ip address W1.X1.Y1.Z1 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 load-interval 30
 crypto map shellmap
Thanks for your help