SRX Services Gateway

VPN Access Issue

08-12-2015 10:35 AM

All,

Please, I need help with my VPN access. I am basically a newbie setting up a lab at home, and I would like to be able to VPN into my home network.

Below are my settings:

1. Comcast modem as edge gateway - public IP a.a.a.a, in bridge mode

2. My VPN settings

gi0/0/0 - has DHCP configured (not sure about this setting)

##Access Commands##

set access profile DYN_VPN_ACCESS_PROFILE client love firewall-user password love
set access profile DYN_VPN_ACCESS_PROFILE client guest firewall-user password guest
set access profile DYN_VPN_ACCESS_PROFILE address-assignment pool DYN_VPN_ADDRESS_POOL
set access address-assignment pool DYN_VPN_ADDRESS_POOL family inet network 10.0.0.0/24
set access address-assignment pool DYN_VPN_ADDRESS_POOL family inet xauth-attributes primary-dns 75.75.75.75/32
set access firewall-authentication web-authentication default-profile DYN_VPN_ACCESS_PROFILE
!
!
##VPN Tunnel##

set security ike policy IKE_DYN_VPN_POLICY mode aggressive
set security ike policy IKE_DYN_VPN_POLICY proposal-set standard
set security ike policy IKE_DYN_VPN_POLICY pre-shared-key ascii-text JUNOS
set security ike gateway DYN_VPN_LOCAL_GW ike-policy IKE_DYN_VPN_POLICY
set security ike gateway DYN_VPN_LOCAL_GW dynamic hostname dynvpn
set security ike gateway DYN_VPN_LOCAL_GW dynamic connections-limit 10
set security ike gateway DYN_VPN_LOCAL_GW dynamic ike-user-type group-ike-id
set security ike gateway DYN_VPN_LOCAL_GW external-interface ge-0/0/0.0
set security ike gateway DYN_VPN_LOCAL_GW xauth access-profile DYN_VPN_ACCESS_PROFILE
set security ipsec policy IPSEC_DYN_VPN_POLICY proposal-set standard
set security ipsec vpn DYN_VPN ike gateway DYN_VPN_LOCAL_GW
set security ipsec vpn DYN_VPN ike ipsec-policy IPSEC_DYN_VPN_POLICY
set security policies from-zone WORDLY to-zone MY_WORD policy DYN_VPN_POLICY match source-address any
set security policies from-zone WORDLY to-zone MY_WORD policy DYN_VPN_POLICY match destination-address any
set security policies from-zone WORDLY to-zone MY_WORD policy DYN_VPN_POLICY match application any
set security policies from-zone WORDLY to-zone MY_WORD policy DYN_VPN_POLICY then permit tunnel ipsec-vpn DYN_VPN
set security zones security-zone WORDLY interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone WORDLY interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone WORDLY interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone WORDLY interfaces ge-0/0/0.0 host-inbound-traffic system-services trace
!
!
##Associate Dynamic VPN with Remote Clients##

set security dynamic-vpn access-profile DYN_VPN_ACCESS_PROFILE
set security dynamic-vpn clients all remote-protected-resources 10.0.0.0/8
set security dynamic-vpn clients all remote-exceptions 0.0.0.0/0
set security dynamic-vpn clients all ipsec-vpn DYN_VPN
set security dynamic-vpn clients all user love
set security dynamic-vpn clients all user guest

 

I am not sure what I am missing here. I have been working on this for months. I also want to be able to configure NAT after the VPN is set up. I would really appreciate your help. Thanks in advance.
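A credential hygiene check over set-style configuration like the one posted above, as an added example that is not part of the original post: it flags XAuth clients whose password equals the username and IKE policies that pair aggressive mode with a short ASCII pre-shared key. The function name `audit` and the `MIN_PSK_LEN` threshold are assumptions chosen for this example.

```python
import re

# Lines copied from the configuration in the post above.
POSTED_CONFIG = """\
set access profile DYN_VPN_ACCESS_PROFILE client love firewall-user password love
set access profile DYN_VPN_ACCESS_PROFILE client guest firewall-user password guest
set security ike policy IKE_DYN_VPN_POLICY mode aggressive
set security ike policy IKE_DYN_VPN_POLICY pre-shared-key ascii-text JUNOS
"""

MIN_PSK_LEN = 20  # assumption: a local policy threshold, not a Junos limit

CLIENT = re.compile(
    r"^set access profile (\S+) client (\S+) firewall-user password (\S+)$")
IKE_MODE = re.compile(r"^set security ike policy (\S+) mode (\S+)$")
IKE_PSK = re.compile(
    r"^set security ike policy (\S+) pre-shared-key ascii-text (\S+)$")


def audit(config):
    """Return a list of findings for weak VPN credentials in set-style config."""
    findings = []
    modes, psks = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = CLIENT.match(line)
        if m:
            profile, user, password = m.groups()
            if password.lower() == user.lower():
                findings.append(
                    f"{profile}: client '{user}' password equals username")
            continue
        m = IKE_MODE.match(line)
        if m:
            modes[m.group(1)] = m.group(2)
            continue
        m = IKE_PSK.match(line)
        if m:
            psks[m.group(1)] = m.group(2)
    # Mode and key may appear in either order, so correlate them afterwards.
    for policy, psk in psks.items():
        if len(psk) < MIN_PSK_LEN:
            findings.append(
                f"{policy}: pre-shared key shorter than {MIN_PSK_LEN} characters")
        # IKEv1 aggressive mode sends the authentication hash unencrypted,
        # so the strength of the pre-shared key matters more here.
        if modes.get(policy) == "aggressive":
            findings.append(f"{policy}: aggressive mode with a pre-shared key")
    return findings
```

The check only sees plaintext values as typed in `set` commands; secrets that appear in encrypted form in saved configuration output are outside what it can compare.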