
Junos Security by James Quinn, Timothy Eberhard, Patricio Giecco, Brad Woodberg, Rob Cameron

IPsec VPN Configuration

Now that we have broken down the individual components of IPsec VPNs, let’s examine how to put these features into practice on the SRX with the configuration of a hub and spoke VPN.

Since certain aspects of VPNs can only have single attributes (e.g., preshared key or certificates, but not both), we will cover some configuration elements that do not apply to our actual VPN infrastructure. Figure 6-6 shows a network diagram of the IPsec VPN infrastructure that is being implemented. We’ll cover the various configuration elements in the order they should be configured, since certain elements reference other aspects of the configuration.

Figure 6-6. IPsec VPN infrastructure

Configuring NTP

Although we covered NTP configuration earlier in the book, it is very important to VPN operation, so we will reiterate how to configure it here. The following configuration assumes that you already have network connectivity and routing set up. You can also use domain names as your NTP servers, so long as you have DNS configured; note that the SRX will resolve the name and place the resulting IP address into the final configuration:

[edit]
root@SRX3600-1# set system name-server 4.2.2.2

[edit]
root@SRX3600-1# set system ntp server pool.ntp.org

[edit]
root@SRX3600-1# show system
host-name SRX3600-1;
domain-name jnpr.net;
name-server {
    4.2.2.2;
}
ntp {
    server 74.207.249.60;
}
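
Because the committed configuration holds the resolved address (74.207.249.60) rather than the name, it does not follow later DNS changes. The following Python example is added here and is not code from the book or from Juniper: it parses `show system`-style output and reports NTP servers whose pinned address is missing from a set of addresses the name currently resolves to. The function names and the caller-supplied `current_addrs` parameter are assumptions of this example.

```python
import ipaddress

# Constructed sample: the `show system` output shown above.
SAMPLE_CONFIG = """\
host-name SRX3600-1;
domain-name jnpr.net;
name-server {
    4.2.2.2;
}
ntp {
    server 74.207.249.60;
}
"""

def parse_junos(text):
    """Parse curly-brace Junos config text into nested dicts (leaf -> None)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            # setdefault merges a stanza that appears more than once
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root

def ntp_servers(config):
    """Return the address of every `server` statement in the ntp stanza."""
    return [s.split()[1] for s in (config.get("ntp") or {}) if s.startswith("server ")]

def audit_ntp(text, current_addrs):
    """Report NTP servers that are not IP literals or not in current_addrs."""
    # current_addrs (assumption): what the intended NTP name resolves to now
    current = {ipaddress.ip_address(a) for a in current_addrs}
    servers = ntp_servers(parse_junos(text))
    findings = [] if servers else ["no NTP server configured"]
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            findings.append(f"{s}: not an IP literal")
            continue
        if addr not in current:
            findings.append(f"{s}: not in current DNS answer")
    return findings
```

Pass the device's `show system` output as `text` and the addresses from a fresh lookup of the NTP name as `current_addrs`; an empty list means every configured server is still in the current answer.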

Certificate Preconfiguration ...
