Junos

IPsec tunnel with certificates

a month ago

Hello,

(I am sorry if this is not the correct place to post this)

I have been asked to establish an IPsec connection using certificates between a Juniper MX-5 (this is the endpoint I control) and another device (I still do not have any details about the brand/model) in a remote place.

This new tunnel will replace an old one between this Juniper and a Checkpoint (the tunnel only uses PSK).

I still have very little experience with Juniper devices and the use of certificates for IPsec tunnels.

Is this device capable of using certificates for IPsec tunnels?
What kind of certificates can I use? Would a GoDaddy SSL certificate work?

Thank you very much.

rp@AR1> show version
Hostname: AR1
Model: mx5-t
Junos: 13.3R1.8
JUNOS Base OS boot [13.3R1.8]
JUNOS Base OS Software Suite [13.3R1.8]
JUNOS Kernel Software Suite [13.3R1.8]
JUNOS Crypto Software Suite [13.3R1.8]
JUNOS Packet Forwarding Engine Support (MX80) [13.3R1.8]
JUNOS Online Documentation [13.3R1.8]
JUNOS Services Application Level Gateways [13.3R1.8]
JUNOS Services Jflow Container package [13.3R1.8]
JUNOS Services Stateful Firewall [13.3R1.8]
JUNOS Services NAT [13.3R1.8]
JUNOS Services RPM [13.3R1.8]
JUNOS Services Crypto [13.3R1.8]
JUNOS Services SSL [13.3R1.8]
JUNOS Services IPSec [13.3R1.8]
JUNOS Routing Software Suite [13.3R1.8]

rp@AR1> show system license
License usage:
                         Licenses    Licenses    Licenses    Expiry
  Feature name               used   installed      needed
  scale-subscriber              0        1000           0    permanent
  scale-l2tp                    0        1000           0    permanent
  scale-mobile-ip               0        1000           0    permanent

Licenses installed: none


Re: IPsec tunnel with certificates

a month ago

Hi Ramiro,

You can use either CA-signed certificates for your IPSec VPN. Please find the following technical document for more understanding - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/using-digital-certificates-for-ip...

Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

Re: IPsec tunnel with certificates

a month ago

Hello noobmaster! Thank you very much for the quick response.

In that document it says "Entrust, VeriSign, and Microsoft". Does it mean I have to get my certificate only from these providers?

Do you know about any free-to-use certificate to test the VPN?

Thanks,

Ramiro.

Solution
Accepted by topic author Ramiro
a month ago

Re: IPsec tunnel with certificates

a month ago

Hi Ramiro,

You can get the certificates from any provider you want. You can even have your own CA to sign the certificate. However, it is not secure because someone has to validate your identity, and in order to achieve that we will be involving a CA.

I generally use the following website to generate the certificate for testing - https://getacert.com/ssl.html

Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
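
The "own CA" option mentioned in the accepted answer, sketched with OpenSSL for a lab test. This is an added example, not part of the thread or of Juniper's documentation; the names Lab-IPsec-CA, Unrelated-CA and ar1.lab.example are constructed. It shows that a peer accepts the endpoint certificate only when it has the issuing CA certificate loaded.

```shell
#!/bin/sh
# Added example: a throwaway private CA for lab-testing certificate-based IPsec.
# Every name here (Lab-IPsec-CA, ar1.lab.example) is constructed for illustration.
# Keys are written unencrypted (-nodes) and certificates last 30 days: lab use only.

# make_ca DIR CN: self-signed CA certificate (DIR/ca.crt) and key (DIR/ca.key).
make_ca() {
  mkdir -p "$1" && cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $2
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -config "$1/ca.cnf" -extensions ca_ext \
    -keyout "$1/ca.key" -out "$1/ca.crt" >/dev/null 2>&1
}

# issue_cert CADIR NAME: endpoint key + certificate signed by the CA in CADIR.
# NAME goes into CN and subjectAltName so it can double as the IKE identity.
issue_cert() {
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nsubjectAltName=DNS:%s\n' "$2" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$1/ca.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.csr" >/dev/null 2>&1 &&
  openssl x509 -req -sha256 -days 30 -in "$1/$2.csr" -CA "$1/ca.crt" \
    -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/$2.ext" \
    -out "$1/$2.crt" >/dev/null 2>&1
}

# peer_accepts CA_CERT ENDPOINT_CERT: what the remote gateway effectively checks,
# i.e. whether the endpoint certificate chains to a CA certificate it has loaded.
peer_accepts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Demo: the peer trusts the certificate only if it holds the CA that issued it.
demo() {
  d=$(mktemp -d) || return 1
  make_ca "$d/mine" "Lab-IPsec-CA" && make_ca "$d/other" "Unrelated-CA" &&
  issue_cert "$d/mine" ar1.lab.example || { rm -rf "$d"; return 1; }
  peer_accepts "$d/mine/ca.crt" "$d/mine/ar1.lab.example.crt" && own=accepted || own=rejected
  peer_accepts "$d/other/ca.crt" "$d/mine/ar1.lab.example.crt" && other=accepted || other=rejected
  rm -rf "$d"
  echo "own-CA:$own other-CA:$other"
}
demo
```
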

Re: IPsec tunnel with certificates

a month ago

Thank you very much for all your help


Re: IPsec tunnel with certificates

a month ago

Anytime.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!