Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.
Back to discussions
Expand all | Collapse all

IPSEC VPN Between CISCO ASA with fixed IP and Juniper SSG-140 with dynamic IP address

  • 1.  IPSEC VPN Between CISCO ASA with fixed IP and Juniper SSG-140 with dynamic IP address

    Posted 09-24-2009 03:40

     Hi,

     

     Anyone can help me to build this vpn?

    Regards, 



  • 2.  RE: IPSEC VPN Between CISCO ASA with fixed IP and Juniper SSG-140 with dynamic IP address
    Best Answer

    Posted 09-25-2009 09:55

    I achieved it. I will wrote configurations soon.

     

    <private-net><cisco asa fixed ip public address><internet><juniper ssg-140 dynamic public ip address><private-net>

     

     

    <JUNIPER_SSG_CONFIG>

     

     set ike gateway "ASA_GATEWAY" address 9.9.9.9  Aggr local-id "my_juniper" outgoing-interface "ethernet0/2" preshare "t1k1taka" proposal "pre-g2-3des-md5"

     

    set vpn "MY_VPN" gateway "ASA_GATEWAY no-replay tunnel idletime 0 sec-level compatible

     

    set policy id 200 from "Trust" to "Untrust"  "juniper_private_net" "asa_private_net" "ANY" tunnel vpn "MY_VPN"  log

    set policy id 200 from "Untrust" to "Trust"  "asa_private_net" "juniper_private_net" "ANY" tunnel vpn "MY_VPN"  log

     

    </JUNIPER_SSG_CONFIG>

     

     



    Message Edited by apezuela on 09-25-2009 10:04 AM


  • 3.  RE: IPSEC VPN Between CISCO ASA with fixed IP and Juniper SSG-140 with dynamic IP address

    Posted 05-17-2010 06:27

    Could you post the ASA config as well?  Thank you!   Smiley Happy