SRX

Hello,

We have an srx , the customer has set a task to configure dynamic vpn connection between the srx in the office and PC in his house to check the work of vpns. The second task is to configure rate limitting for vpn connection. Please help, i've found dynamic vpn configuration example it would be below, is it possible to make configuration without radius server? Concerning rate limiting, how it would be better to configure it with help of CoS statless firewall filter or it can be the other alternative of configuration?

The example for vpn i've found:

root@coloclaw# show access
profile user-auth-profile {
client boston-user {
firewall-user {
password "$9$bns4JGUH.fQDiQ3/tIRvM8"; ## SECRET-DATA
}
}
client newyork-user {
firewall-user {
password "$9$km5FCtOcyKn/yKM8dVqmf"; ## SECRET-DATA
}
}
}
profile radius-server {
authentication-order radius;
radius-server {
10.159.4.8 secret "$9$HkfzCtOEcl69A01Irl"; ## SECRET-DATA
}
}
firewall-authentication {
web-authentication {
default-profile radius-server;
}
}

Thanks in advance!

Hi,

Yes, you can configure authentication without Radius, i.e by Local Authentication, which I see you have already done below by creating the profile "user-auth-profile". So you may not require the Radius configuration below, but you need to apply the User-Profile to the "firewall-authentication"; for example

[edit access]

user@srx-1# show

firewall-authentication {

        web-authentication {

                  default-profile user-auth-proflie

Sorry, I'm not sure about the Cos for Dynamic VPN.

Hope this helps a bit.

Thank you so much for your advice! I really appreciate people like you, that are always ready to help!