Country Flag: AUSTRALIA
Author: Xingxin Chen
Title: SRX IPSEC VPN #2
Difficulty: High (2 points)
Technical Description: Fix the following configuration so PC1 and PC2 can ping each other, making sure that the traffic goes through the IPSEC VPN tunnel.
For this challenge, you need to start the topology called: “AUSTRALIA – IPSEC VPN #2”
For security reasons, PC1 and PC2 are required to communicate through an IPSEC VPN tunnel. The basic configuration is done, but the VPN tunnel still does not come up.
During this challenge, let the following command run from PC1:
User@PC1> ping 10.10.20.1
PING 10.10.20.1 (10.10.20.1): 56 data bytes
/* No reply */
Fix the tunnel by adding configurations only on the SRX-1, SRX-2, and SRX-3 devices under the following conditions:
- Traffic from PC1 to PC2 must go through the IPSEC VPN tunnel.
- You are not allowed to create more VPN tunnels.
- The only allowed commands in configuration mode are edit, set, commit and quit.
- You are not allowed to use the value “any” in security policies.
NOTE: If you see a license error upon commit (JNX_LICENSE_TMP), you can safely ignore it.
To solve this challenge, submit the set commands issued at SRX-1, SRX-2, and SRX-3.
NOTE: If you have issues connecting to the Junosphere topology, please check the Junosphere technical documentation or request assistance in the Junosphere forum.
This challenge has already reached its deadline.
SRX-1 delta config:
set security ike gateway ike-gw local-identity hostname SRX-1
set security ike gateway ike-gw remote-identity hostname SRX-3
SRX-2 delta config:
set security policies from-zone trust to-zone untrust policy permit-vpn match application junos-ike-nat
SRX-3 delta config:
set security ike gateway ike-gw local-identity hostname SRX-3
set security ike gateway ike-gw remote-identity hostname SRX-1
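A checker for the rules this challenge states, added here as an example and not part of the original challenge or its posted solution: it lints a list of submitted commands for disallowed verbs, the value "any" in a security policy match, and newly created IPsec VPNs. The page does not list the existing tunnel names, so `existing_vpns` is a hypothetical parameter and the VPN names in the sample are constructed.

```python
# Rules taken from the challenge text above.
ALLOWED_VERBS = {"edit", "set", "commit", "quit"}
MATCH_FIELDS = {"source-address", "destination-address", "application"}

def lint_submission(lines, existing_vpns=None):
    """Return (line_number, rule) pairs for every rule a command breaks.

    Statements are assumed to be absolute, as in the posted solution;
    relative statements typed under an `edit` context are not resolved.
    existing_vpns: names of tunnels already configured (hypothetical
    parameter; the page does not list them). None skips that check.
    """
    findings = []
    for number, raw in enumerate(lines, 1):
        tok = raw.split()
        if not tok:
            continue
        if tok[0] not in ALLOWED_VERBS:
            findings.append((number, "verb-not-allowed"))
            continue
        # "any" used as a match value in a security policy
        if tok[:3] == ["set", "security", "policies"] and "match" in tok:
            after = tok[tok.index("match") + 1:]
            if after and after[0] in MATCH_FIELDS and "any" in after[1:]:
                findings.append((number, "any-in-policy"))
        # a VPN object whose name is not among the existing tunnels
        if (existing_vpns is not None and len(tok) > 4
                and tok[:4] == ["set", "security", "ipsec", "vpn"]
                and tok[4] not in existing_vpns):
            findings.append((number, "new-vpn"))
    return findings

# The set commands posted as the solution on this page.
PAGE_DELTA = [
    "set security ike gateway ike-gw local-identity hostname SRX-1",
    "set security ike gateway ike-gw remote-identity hostname SRX-3",
    "set security policies from-zone trust to-zone untrust policy permit-vpn match application junos-ike-nat",
    "set security ike gateway ike-gw local-identity hostname SRX-3",
    "set security ike gateway ike-gw remote-identity hostname SRX-1",
]

# Constructed sample that breaks each rule once (VPN names are made up).
BAD_SAMPLE = [
    "set security policies from-zone trust to-zone untrust policy permit-vpn match source-address any",
    "delete security ike gateway ike-gw",
    "set security ipsec vpn vpn-constructed-2 ike gateway ike-gw",
]

if __name__ == "__main__":
    print(lint_submission(PAGE_DELTA))
    print(lint_submission(BAD_SAMPLE, existing_vpns={"vpn-constructed-1"}))
```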