Junos OS

last person joined: 2 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  IPsec tunnel with certificates

    Posted 08-19-2019 05:20

    Hello,

    (I am sorry if this is not the correct place to post this)

     

    I have been asked to establish an IPSec connection using certificates between Juniper MX-5 (this is the endpoint I control) and other device (still do not have any details about the brand/model) in a remote place.

     

    This new tunnel will replace and old one between this juniper and a checkpoing (tunnel only uses psk).

    I still have really few experience with Juniper devices and use of certificates for IPsec tunnels.

     

    Is this device capable of using certificates of IPsec tunnels?
    What kind of certificates can i use? would a GoDaddy SSL certificate work?

     

    Thank you very much.

     

    rp@AR1> show version
    Hostname: AR1
    Model: mx5-t
    Junos: 13.3R1.8
    JUNOS Base OS boot [13.3R1.8]
    JUNOS Base OS Software Suite [13.3R1.8]
    JUNOS Kernel Software Suite [13.3R1.8]
    JUNOS Crypto Software Suite [13.3R1.8]
    JUNOS Packet Forwarding Engine Support (MX80) [13.3R1.8]
    JUNOS Online Documentation [13.3R1.8]
    JUNOS Services Application Level Gateways [13.3R1.8]
    JUNOS Services Jflow Container package [13.3R1.8]
    JUNOS Services Stateful Firewall [13.3R1.8]
    JUNOS Services NAT [13.3R1.8]
    JUNOS Services RPM [13.3R1.8]
    JUNOS Services Crypto [13.3R1.8]
    JUNOS Services SSL [13.3R1.8]
    JUNOS Services IPSec [13.3R1.8]
    JUNOS Routing Software Suite [13.3R1.8]

    rp@AR1> show system license
    License usage:
    Licenses Licenses Licenses Expiry
    Feature name used installed needed
    scale-subscriber 0 1000 0 permanent
    scale-l2tp 0 1000 0 permanent
    scale-mobile-ip 0 1000 0 permanent

    Licenses installed: none


    #IPseccertificatesmx5vpn


  • 2.  RE: IPsec tunnel with certificates

    Posted 08-19-2019 05:35

    Hi Ramiro,

     

    You can use either CA-signed certificates for your IPSec VPN. Please find the following technical document for more understanding - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/using-digital-certificates-for-ipsec.html

     

     



  • 3.  RE: IPsec tunnel with certificates

    Posted 08-19-2019 06:06

    Hello noobmaster! thank you very much for the quick response.

     

    In that document it says that "Entrust, VeriSign, and Microsoft" it means I have to get my certificate from only these providers?

     

    Do you know about any free to use certificate to test the VPN?

     

    Thanks,

    Ramiro.



  • 4.  RE: IPsec tunnel with certificates
    Best Answer

    Posted 08-19-2019 06:26

    Hi Ramiro,

     

    You can get the certificates from any provider you want. Even you can have your own CA to sign the certificate. However, it is not secure because someone has to validate your identity and in order to achieve that we will be involving CA.

     

    I generally use the following website to generate the certificate for testing - https://getacert.com/ssl.html



  • 5.  RE: IPsec tunnel with certificates

    Posted 08-19-2019 06:33

    Thank you very much for all your help



  • 6.  RE: IPsec tunnel with certificates

    Posted 08-19-2019 06:52

    Anytime.