Hi
I have 3 J Series routers. The R1 router is a J2350, and the R2 and R3 routers are J6350s. You may download the topology from the link http://www.4shared.com/file/127527992/c3db9620/Drawing1.html. I have configured OSPF and the full network is converged.
For configuring the IPSec VPN I inserted the following commands:
R1 [J2350] configuration
CLI commands on R1 J2350 for the Zones.
# set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
# set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic protocols all
# set security zones security-zone untrust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
# set security zones security-zone untrust interfaces ge-0/0/2.0 host-inbound-traffic protocols all
# set security policies from-zone trust to-zone untrust policy allow-out match source-address any
# set security policies from-zone trust to-zone untrust policy allow-out match destination-address any
# set security policies from-zone trust to-zone untrust policy allow-out match application any
# set security policies from-zone trust to-zone untrust policy allow-out then permit
# set security policies from-zone untrust to-zone trust policy allow-in match source-address any
# set security policies from-zone untrust to-zone trust policy allow-in match destination-address any
# set security policies from-zone untrust to-zone trust policy allow-in match application any
# set security policies from-zone untrust to-zone trust policy allow-in then permit
# set interfaces st0 unit 0 family inet
# set security zones security-zone vpn interfaces st0.0 host-inbound-traffic system-services all
# set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols all
# set security ike policy ike-policy mode main
# set security ike policy ike-policy proposal-set standard
# set security ike policy ike-policy pre-shared-key ascii-text juniper123
# set security ike gateway ike-gate ike-policy ike-policy
# set security ike gateway ike-gate address 172.18.10.3
# set security ike gateway ike-gate external-interface ge-1/0/0.0
# set security ipsec policy ipsec-policy proposal-set standard
# set security ipsec vpn vpn-1 bind-interface st0.0
# set security ipsec vpn vpn-1 ike gateway ike-gate
# set security ipsec vpn vpn-1 ike ipsec-policy ipsec-policy
# set security zones security-zone trust address-book address LAN-1 172.17.201.0/24
# set security zones security-zone vpn address-book address LAN-2 172.25.0.0/24
# set security policies from-zone trust to-zone vpn policy vpn-out match source-address LAN-1
# set security policies from-zone trust to-zone vpn policy vpn-out match destination-address LAN-2
# set security policies from-zone trust to-zone vpn policy vpn-out match application any
# set security policies from-zone trust to-zone vpn policy vpn-out then permit
# set security policies from-zone vpn to-zone trust policy vpn-in match source-address LAN-2
# set security policies from-zone vpn to-zone trust policy vpn-in match destination-address LAN-1
# set security policies from-zone vpn to-zone trust policy vpn-in match application any
# set security policies from-zone vpn to-zone trust policy vpn-in then permit
# set routing-options static route 172.25.0.0/24 next-hop st0.0
Configuration of R3 [J6350]
# set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
# set security zones security-zone trust interfaces ge-0/0/2.0 host-inbound-traffic protocols all
# set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
# set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols all
# set security policies from-zone trust to-zone untrust policy allow-out match source-address any
# set security policies from-zone trust to-zone untrust policy allow-out match destination-address any
# set security policies from-zone trust to-zone untrust policy allow-out match application any
# set security policies from-zone trust to-zone untrust policy allow-out then permit
# set security policies from-zone untrust to-zone trust policy allow-in match source-address any
# set security policies from-zone untrust to-zone trust policy allow-in match destination-address any
# set security policies from-zone untrust to-zone trust policy allow-in match application any
# set security policies from-zone untrust to-zone trust policy allow-in then permit
# set interfaces st0 unit 0 family inet
# set security zones security-zone vpn interfaces st0.0 host-inbound-traffic system-services all
# set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols all
# set security ike policy ike-policy mode main
# set security ike policy ike-policy proposal-set standard
# set security ike policy ike-policy pre-shared-key ascii-text juniper123
# set security ike gateway ike-gate ike-policy ike-policy
# set security ike gateway ike-gate address 172.17.200.2
# set security ike gateway ike-gate external-interface ge-0/0/1.0
# set security ipsec policy ipsec-policy proposal-set standard
# set security ipsec vpn vpn-1 bind-interface st0.0
# set security ipsec vpn vpn-1 ike gateway ike-gate
# set security ipsec vpn vpn-1 ike ipsec-policy ipsec-policy
# set security zones security-zone trust address-book address LAN-1 172.25.0.0/24
# set security zones security-zone vpn address-book address LAN-2 172.17.201.0/24
# set security policies from-zone trust to-zone vpn policy vpn-out match source-address LAN-1
# set security policies from-zone trust to-zone vpn policy vpn-out match destination-address LAN-2
# set security policies from-zone trust to-zone vpn policy vpn-out match application any
# set security policies from-zone trust to-zone vpn policy vpn-out then permit
# set security policies from-zone vpn to-zone trust policy vpn-in match source-address LAN-2
# set security policies from-zone vpn to-zone trust policy vpn-in match destination-address LAN-1
# set security policies from-zone vpn to-zone trust policy vpn-in match application any
# set security policies from-zone vpn to-zone trust policy vpn-in then permit
# set routing-options static route 172.17.201.0/24 next-hop st0.0
After that, to check whether the tunnel is working or not, I gave the following command:
# run show security ike security-associates
No result is displayed.
Any ideas?
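A consistency and hardening check over the posted `set` lines, added here as an example and not part of the original post: the hypothetical `lint` helper flags an IKE gateway whose external-interface is in no security zone (R1 names ge-1/0/0.0, while its zones hold ge-0/0/1.0, ge-0/0/2.0 and st0.0), and also flags the open host-inbound services and the any/any permit on untrust. The sample input is a constructed subset of R1's lines.

```python
import re
# Constructed sample: a subset of R1's lines from the post, "# " prompt kept.
R1 = """\
# set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services all
# set security zones security-zone untrust interfaces ge-0/0/2.0 host-inbound-traffic system-services all
# set security zones security-zone vpn interfaces st0.0 host-inbound-traffic system-services all
# set security policies from-zone untrust to-zone trust policy allow-in match source-address any
# set security policies from-zone untrust to-zone trust policy allow-in match destination-address any
# set security policies from-zone untrust to-zone trust policy allow-in match application any
# set security policies from-zone untrust to-zone trust policy allow-in then permit
# set security ike gateway ike-gate external-interface ge-1/0/0.0
"""
ZONE = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)"
                  r"(?: host-inbound-traffic system-services (\S+))?")
GATE = re.compile(r"set security ike gateway (\S+) external-interface (\S+)")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                    r"policy (\S+) (?:match (\S+) (\S+)|then (\S+))")
ANY_PERMIT = {"source-address": "any", "destination-address": "any",
              "application": "any", "then": "permit"}

def lint(config):
    """Return findings for Junos 'set' lines (hypothetical helper, not a Junos tool)."""
    zone_of, services, policies, gateways, findings = {}, {}, {}, [], []
    for raw in config.splitlines():
        line = raw.lstrip("# ").strip()  # drop the pasted "# " prompt
        if m := ZONE.match(line):
            zone, ifc, svc = m.groups()
            zone_of[ifc] = zone
            services.setdefault(ifc, set()).add(svc)
        elif m := POLICY.match(line):
            fz, tz, name, field, value, action = m.groups()
            policies.setdefault((fz, tz, name), {})[field or "then"] = value or action
        elif m := GATE.match(line):
            gateways.append(m.groups())
    for name, ifc in gateways:
        if ifc not in zone_of:  # an interface outside every zone drops traffic, IKE included
            findings.append(f"gateway {name}: {ifc} is in no security zone")
        elif not services[ifc] & {"ike", "all"}:
            findings.append(f"gateway {name}: zone {zone_of[ifc]} blocks ike on {ifc}")
    for ifc, zone in zone_of.items():
        if zone == "untrust" and "all" in services[ifc]:
            findings.append(f"{ifc}: untrust accepts all system-services")
    for (fz, tz, name), pol in policies.items():
        if fz == "untrust" and pol == ANY_PERMIT:
            findings.append(f"policy {name}: any/any/any permit untrust -> {tz}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(R1)))
```

On R3's posted lines the gateway check passes, because ge-0/0/1.0 is both the external-interface and a member of the untrust zone there.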