Junos Cup 2014
Junos Cup 2014

Tournament 1: Greece Challenge & Solution - IPSEC VPN #1

[ Edited ]
‎06-12-2014 07:56 AM

Country Flag associated with this challenge: GREECE

 

Authors: Brad Woodberg and Linus Wang

 

Title: IPSEC VPN #1

 

Type: Security

 

Difficulty: Medium (1 point).

 

Technical Description: Bring connectivity from PC1 to PC2 with just two set commands, encapsulating the packets in IPSEC as they go between DUT1 and DUT2.

 

Topology:

7-Greece-Topology.jpg

 

Challenge Instructions:

For this challenge, you need to start the topology called: “GREECE – IPSEC VPN #1”.

 

Leave the following command running from PC1:

juniper@PC1> ping 172.16.26.1

PING 172.16.26.1 (172.16.26.1): 56 data bytes

/* No reply */

 

You need to fix this situation with just two set commands. What does “two set commands” mean? Either the following sequence in just one router:

 

configure

set <command1>

set <command2>

commit and-quit

 

Or, the following sequence in two different routers (the command can be different on each one):

 

configure

set <command>

commit and-quit

 

Your solution must meet the following conditions:

-       You cannot delete or change existing lines, only add new ones

-       You should not compromise the security of the network

-       You are not allowed to use wildcards, configuration groups, or keywords like any, all, everyone...

 

NOTE: If you see a license error upon commit (JNX_LICENSE_TMP), you can safely ignore it.

 

To solve this challenge submit the configuration change at DUT1 and DUT2 to establish connectivity.

 

NOTE: If you have issues connecting to the Junosphere topology please check Junosphere Technical documentation, or request assistance in the Junosphere forum 

Send an email with your proposed solution to junos-cup@juniper.net:

  •  The subject should be “<country-name-of-the-challenge> -  <your-full-name>”. For example: “Brazil – Wolfgang Amadeus Mozart”.
  • In the email body, please include your proposed solution, along with your first and last name and complete mailing address including zip/postal code and your shirt size (S, M, L, XL, XXL, XXXL)


Some additional notes:

  • Feel free to participate in as many challenges as you like, they are open to everyone and the more you participate the better chance of winning!
  • Green Planet Rules: please start one topology at a time, do not run several topologies in parallel and don't forget to stop your active topology when not in use
  • The answers will be read by the organization right after the deadline
  • The challenge instructions are final, and no additional information or tips will be provided before the publication of the solution and the winner list. Please don’t expect a reply from junos-cup@juniper.net.
  • If you feel that your initial solution is wrong or incomplete, you can send up to three messages for the same challenge, but please note that only your last message (received before the deadline) will be read.
  • If you think there is an error in the definition of the challenges, please send us an email with subject (“<country-name> ERROR”); if there is no reply, then it’s likely an intentional condition of the challenge, rather than an error.

OFFICIAL SOLUTION:

Configure at DUT1 and DUT2:

set security zones security-zone untrust host-inbound-traffic system-services ike

 

Julie Wider
Advocacy Manager
Twitter: @JNetCommunity & @jawider

Labels: