SRX Services Gateway

SRX ipsec with Fritzbox

2 weeks ago

Good day,

 

I am trying to establish a tunnel with a Juniper SRX 210 on one side and an AVM Fritzbox on the other side.

I found http://ebsa.nl/Home/Site_to_Site_VPN_Juniper_SRX_to_Fritz%21Box and it looks like the tunnel is up, but the SRX isn't receiving data (also with 3des-cbc).

 

There is, however, a default option to connect to "a company firewall", which would be the preferred solution.

This option requires a "VPN user name (Key ID):" and a PSK, but I have no idea what the username should be.

 

Any information would be appreciated.

Solution
Accepted by topic author Koos147
a week ago

Re: SRX ipsec with Fritzbox

2 weeks ago

Looks like the solution is simpler than expected.

On the Fritzbox side, choose "connect to another Fritzbox".

On the SRX:

edit security ike

policy fb-test {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
    ike-policy fb-test;
    address ip-of-the-fritzbox;
    external-interface ge-0/0/0;
    version v1-only;
}

edit security ipsec

proposal fritzbox {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
    lifetime-seconds 3600;
}

policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals fritzbox;
}

vpn fb-test {
    bind-interface st0.1;
    ike {
        gateway fb-test;
        ipsec-policy fb-test;
    }
    establish-tunnels immediately;
}
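
Added example, not part of the original reply and not Juniper or AVM code: a small Python check that flattens the security-relevant stanzas posted above and reports the settings a reviewer would want to revisit before relying on this tunnel (IKEv1 aggressive mode with a pre-shared key, IKEv1 only, DH group 2 for PFS, HMAC-SHA1-96). The function names, the rule list and the wording of the findings are assumptions of this example.

```python
import re
# Constructed input: the security-relevant stanzas from the reply above.
CONFIG = """
edit security ike
policy fb-test {
    mode aggressive;
    pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
    version v1-only;
}
edit security ipsec
proposal fritzbox {
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
}
policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
}
"""

def parse(text):
    """Flatten Junos braces into one 'path statement' string per leaf."""
    base, stack, out = [], [], []
    for raw in text.splitlines():
        line = re.sub(r'\s*##[^"]*$', "", raw).strip()  # drop ## annotations
        if line.startswith("edit "):
            base, stack = line.split()[1:], []          # new hierarchy context
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line.endswith(";"):
            out.append(" ".join(base + stack + [line[:-1]]))
    return out

RULES = [  # (pattern, finding); the wording is this example's assumption
    (r"ike policy \S+ mode aggressive$", "aggressive mode: with a PSK, a hash derived from it is sent unencrypted"),
    (r"ike gateway \S+ version v1-only$", "IKEv1 only: deprecated protocol version"),
    (r"perfect-forward-secrecy keys group[12]$", "PFS DH group is 1024 bits or smaller"),
    (r"authentication-algorithm hmac-(md5|sha1)-96$", "legacy ESP integrity algorithm"),
]
def audit(text):  # returns [(flattened statement, finding), ...]
    return [(s, msg) for s in parse(text) for pat, msg in RULES if re.search(pat, s)]

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```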