SRX Services Gateway

SRX ipsec with Fritzbox

2 weeks ago

Good day,


I am trying to establish a tunnel with a Juniper SRX 210 on one side and an AVM Fritzbox on the other side.

I found and it looks like the tunnel is up but the SRX isn't receiving data. (also with 3des-cbc)


There is however a default option to connect to "a company firewall", which would be the preferred solution.

This option requires "VPN user name (Key ID):" and a PSK.

But I have no idea what the username should be.


Any information would be appreciated.

Accepted by topic author Koos147
a week ago

Re: SRX ipsec with Fritzbox

2 weeks ago

Looks like the solution is simpler than expected.

On the Fritzbox side, choose connect to another Fritzbox.


On the SRX:

edit security ike

policy fb-test {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "the pre-shared-key"; ## SECRET-DATA
}
gateway fb-test {
    ike-policy fb-test;
    address ip-of-the-fritzbox;
    external-interface ge-0/0/0;
    version v1-only;
}

edit security ipsec

proposal fritzbox {
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm aes-256-cbc;
    lifetime-seconds 3600;
}
policy fb-test {
    perfect-forward-secrecy {
        keys group2;
    }
    proposals fritzbox;
}
vpn fb-test {
    bind-interface st0.1;
    ike {
        gateway fb-test;
        ipsec-policy fb-test;
    }
    establish-tunnels immediately;
}