SRX Services Gateway
SRX Services Gateway

Try the new Site-to-Site VPN Configuration Tool (beta)

[ Edited ]
08.24.09   |  
‎08-24-2009 03:24 PM

Hello.

We have a new configuration tool (beta) to assist you with your Site-to-Site VPN configurations on SRX Series and J Series devices:

Site-to-Site VPN Configuration Tool


Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!


Regards,

Josine Pentin

eSupport team

Message Edited by PentinProcessor on 08-25-2009 07:29 AM
20 REPLIES
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

08.25.09   |  
‎08-25-2009 08:34 AM

IMPORTANT NOTE:

 

We inadvertently posted the un-encrypted URL so please change any bookmarks you may have to the following:

    https://www.juniper.net/customers/support/configtools/vpnconfig.html

The tool requires potentially sensitive input (IP addresses, etc) and so should only be used via HTTPS/SSL.

 

We also require that you be logged in to use the tool. This helps us with our measurements for usage and is also an un-abashed attempt to get more people to register (your J-Net registration should be sufficient - if there are any problems please let us know).

 
Regards,
Josine Pentin
eSupport team

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

09.05.09   |  
‎09-05-2009 12:06 PM
Cool!!
best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

[ Edited ]
09.13.09   |  
‎09-13-2009 12:53 PM

Does Juniper offer a comparable technology to Cisco's DMVPN with NHRP?

 

I have read a Juniper web page (Juniper wont allow me to post the link here) and it seems that Juniper does NOT support direct, spoke to spoke tunneling. All traffic has to go through the hub, it seems (hub and spoke).

 

Am I wrong?

 

Is there another flavor of site to site VPN other than what I am reading at this link?

 

It also seems ot be the casethat the hub must always be configured as you add new spokes and that there is no automatic and dynamic discovery of the spoke as there is with NHRP. NHTP (or whatever Juniper calls it) does not seem to offer the same functionality as NHRP.

 

Am I correct?

 

Thanks!

Message Edited by Juniper_Newbie on 09-13-2009 12:56 PM
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

09.15.09   |  
‎09-15-2009 08:34 PM
Yes there is auto connect vpn (ACVPN) which is currently only supported only screenos.
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

03.25.10   |  
‎03-25-2010 05:34 PM

how can I get it to shove a GRE tunnel through the IPSec?  The tool seems to be good for very simple scenarios, but I'm trying to peer with a Cisco router that cannot do route-based VPN's, so we are using GRE over IPSec.  I can't seem to get it to work.

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

09.07.10   |  
‎09-07-2010 03:31 AM

of course it will help for all  configuring vpn in juniper devices only ?????

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

10.08.10   |  
‎10-08-2010 09:41 PM

Look at "set security group-vpn" on 10.2R2+ (i think) or 10.3.

Theodore E Van Iderstine
Stream Networks
+1 678 373 4200 x125
JNCIA-ER (expired), JNCIA-SSL (ditto)
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

06.13.11   |  
‎06-13-2011 01:46 AM

The comment page is not working for me.

 

Not sure if its correct, but for me only the "local static to remote static" option is working. Also, its not possible to have a default route to the remote site. i.e the remote network cannot be 0/0.

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

10.28.11   |  
‎10-28-2011 12:43 PM

Does this tool still work? I have tried in 3 different browsers and connot get it to generate a config. It seems to not like anything I put in the Public Network Interface (G) field - or at least it turns yellow when I hit the generate config button. Basically when I press the config button it turns the fileds green and says "Please Wait..." I have used it in the past successfully, but wondering if something is broken.

 

Thanks,

Jason

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

10.29.11   |  
‎10-29-2011 09:15 PM

tools didn't seem to be working, got the "please wait" after submit the request.....

 

thanks

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

11.16.11   |  
‎11-16-2011 04:24 PM

Bad library update. We did a rollback and should be working now.

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

01.27.12   |  
‎01-27-2012 01:50 PM

Tool is AWESOME!  Thanks!  Now I just can't figure out why I can not ping accross the VPN.  No policies deny this.  Err!

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

04.02.12   |  
‎04-02-2012 03:53 PM

Juniper's stuff not working seems to be a common theme as of late

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

03.23.13   |  
‎03-23-2013 07:40 AM

Great tool, thanks

Regards

Charlie M
JNCIP-SP, JNCSP-SP
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

06.05.13   |  
‎06-05-2013 12:48 PM

Another Fail by Juniper, the H option only allows you to use static VPN to Static VPN, although in the information icon it clearly has muliple selection that should be able to select. 

 

We have bought and paid for 6 SRX firewalls and Juniper apparently has big issues with VPN's. We decided to choose Juniper as they were already on our network and field sites yet all my heart burn has been with VPN's and I have many of Juniper ATAC's working on issues that are over a month old, that they want to downgrade without fixing the issues. We are  very close to getting the legal department involved in this big purchase we made last november. 

 

How about getting SRX (static) to SSG (Dynamic) working. I have spent more time on these VPN's then an other firewll I have every dealt with. I have installed Symantecs, Check Point, Cyberguard, ASA, PIXs, and Sidewinders with no where near the issues that these SRX's have. not to mention the complete fail of VPN's in the virtual firewall, did I mention the 7500.00 exspense for the virtual firewall that we are unable to use because of these tunnels. What a waste of tax payers money.

 

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

06.15.13   |  
‎06-15-2013 06:33 PM

"Please provide feedback by clicking the 'Comments' link in the right-hand column of the tool to tell us what you think!"

 

There is no "Comments" link. Fail.

 

It's site-to-site. It only generates the config for one side. So, something less than a 50% score.

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

10.22.13   |  
‎10-22-2013 07:18 PM

Looks good

SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

11.17.13   |  
‎11-17-2013 11:37 PM

it is very good .

Thanks
Maung Tan
data edge limited
SRX Services Gateway

Re: Try the new Site-to-Site VPN Configuration Tool (beta)

06.03.15   |  
‎06-03-2015 01:31 PM

This is amazing, thats for taking the time to make this tool.

JNCIA-Junos