Configuración VPN Site To Site Juniper Cisco

The document describes the configuration of a site-to-site VPN between a Juniper SRX firewall and a Cisco router. It includes the configuration of IKE phase 1 and phase 2 proposals and policies to establish an IPsec tunnel, as well as the associated interface, access list, and policy configurations on both devices to enable secure communication between their LAN networks.

Uploaded by

Antonio Pereda

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

242 views5 pages

Configuración VPN Site To Site Juniper Cisco

Uploaded by

Antonio Pereda

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 5

Configuracin VPN Site to Site Juniper Cisco

Escenario Presentado

Configuracin en Firewall Juniper SRX 220H2

Configuracion de Interfaz Externa set interfaces ge-0/0/0 unit 0 family inet address 190.107.182.194/28

Configuracion de VPN Fase 1 set security ike proposal PROPOSAL-MALL authentication-method pre-shared-keys set security ike proposal PROPOSAL-MALL dh-group group2 set security ike proposal PROPOSAL-MALL authentication-algorithm sha1 set security ike proposal PROPOSAL-MALL encryption-algorithm 3des-cbc set security ike proposal PROPOSAL-MALL lifetime-seconds 28800 set security ike policy POLICY-MALL mode main set security ike policy POLICY-MALL proposals PROPOSAL-MALL set security ike policy POLICY-MALL pre-shared-key ascii-text jun1p3r123 set security ike gateway GATEWAY-MALL ike-policy POLICY-MALL set security ike gateway GATEWAY-MALL address 190.41.185.145 set security ike gateway GATEWAY-MALL external-interface ge-0/0/0.0

Fase 2 set security ipsec proposal PROPOSAL-MALL-PHASEII protocol esp set security ipsec proposal PROPOSAL-MALL-PHASEII authentication-algorithm hmac-sha1-96 set security ipsec proposal PROPOSAL-MALL-PHASEII encryption-algorithm 3des-cbc set security ipsec proposal PROPOSAL-MALL-PHASEII lifetime-seconds 3600 set security ipsec policy POLICY-MALL-PHASEII perfect-forward-secrecy keys group2 set security ipsec policy POLICY-MALL-PHASEII proposals PROPOSAL-MALL-PHASEII set security ipsec vpn VPN-MALL-PHASEII ike gateway GATEWAY-MALL set security ipsec vpn VPN-MALL-PHASEII ike ipsec-policy POLICY-MALL-PHASEII set security ipsec vpn VPN-MALL-PHASEII establish-tunnels immediately

Creacin de Polticas de Zona LAN WAN set security policies from-zone LAN to-zone WAN policy VPN_MB match source-address 10.10.1.0 set security policies from-zone LAN to-zone WAN policy VPN_MB match destination-address 192.168.2.0 set security policies from-zone LAN to-zone WAN policy VPN_MB match application any set security policies from-zone LAN to-zone WAN policy VPN_MB then permit tunnel ipsec-vpn VPN-MALL-PHASEII set security policies from-zone LAN to-zone WAN policy VPN_MB then permit tunnel pair-policy VPN_MB1

WAN LAN set security policies from-zone WAN to-zone LAN policy VPN_MB1 match source-address 192.168.2.0 set security policies from-zone WAN to-zone LAN policy VPN_MB1 match destination-address 10.10.1.0 set security policies from-zone WAN to-zone LAN policy VPN_MB1 match application any set security policies from-zone WAN to-zone LAN policy VPN_MB1 then permit tunnel ipsec-vpn VPN-MALL-PHASEII set security policies from-zone WAN to-zone LAN policy VPN_MB1 then permit tunnel pair-policy VPN_MB

Configuracin en Router Cisco

Configuracin de interfaz Externa

R2(config)#interface fastEthernet 1/0 R2(config-if)#ip address 190.41.185.145 255.255.255.240 R2(config-if)#no shutdown

Configuracion de VPN

Fase 1 R2(config)#crypto isakmp policy 1 R2(config-isakmp)#encryption 3des R2(config-isakmp)#authentication pre-share R2(config-isakmp)#group 2 R2(config-isakmp)#lifetime 28800 R2(config-isakmp)#exit R2(config)#crypto isakmp key 0 jun1p3r123 address 190.107.182.194 R2(config)#crypto isakmp identity hostname R2(config)#crypto isakmp keepalive 10 periodic

Fase 2 R2(config)#crypto ipsec transform-set MUNI_IPSEC esp-3des esp-sha-hmac R2(cfg-crypto-trans)#exit R2(config)#crypto map MUNI_MAP 100 ipsec-isakmp R2(config-crypto-map)#set peer 190.107.182.194 R2(config-crypto-map)#set transform-set MUNI_IPSEC R2(config-crypto-map)#set pfs group2 R2(config-crypto-map)#match address ACL_VPN_MUNI

Configuracin sobre la Interfaz Externa R2(config)#interface fastEthernet 1/0 R2(config-if)#crypto map MUNI_MAP

Configuracion de Access Lists R2(config)#ip access-list extended ACL_VPN_MUNI R2(config-ext-nacl)#permit ip 192.168.2.0 0.0.0.255 10.10.1.0 0.0.0.255

Stress Calculation
No ratings yet
Stress Calculation
17 pages
SECS04L08 - Configuring Cisco Easy VPN Remote Access
No ratings yet
SECS04L08 - Configuring Cisco Easy VPN Remote Access
54 pages
Astros Ii
No ratings yet
Astros Ii
4 pages
Unidad IV Seguridad de Redes 2
No ratings yet
Unidad IV Seguridad de Redes 2
29 pages
How to configure Policy Based VPN on Cisco FTD
No ratings yet
How to configure Policy Based VPN on Cisco FTD
20 pages
Huawei USG Series - Configuracion Server Mapping (NAT Srver)
No ratings yet
Huawei USG Series - Configuracion Server Mapping (NAT Srver)
26 pages
Sem 3 - Configration
No ratings yet
Sem 3 - Configration
6 pages
Cisco rv130w
No ratings yet
Cisco rv130w
11 pages
vpn-ES
No ratings yet
vpn-ES
7 pages
Vlan To Cgnet Cisco Aci To Palo Alto Networks
No ratings yet
Vlan To Cgnet Cisco Aci To Palo Alto Networks
7 pages
20.2.1 Packet Tracer - Configure and Verify A Site-to-Site IPsec VPN Using CLI - ILM
No ratings yet
20.2.1 Packet Tracer - Configure and Verify A Site-to-Site IPsec VPN Using CLI - ILM
6 pages
Mikrotik To Cisco ASA IPsec VPN
No ratings yet
Mikrotik To Cisco ASA IPsec VPN
83 pages
Router 1: Router 3:: ! (Basic Configuration For Connection To Internet) ! (Basic Configuration For Connection To Internet)
No ratings yet
Router 1: Router 3:: ! (Basic Configuration For Connection To Internet) ! (Basic Configuration For Connection To Internet)
6 pages
017_Tip_JMatPro_en
No ratings yet
017_Tip_JMatPro_en
6 pages
Mikrotik Basic Implementation in Enterprise Network: Umair Masood Information Technology Dept Haier Pakistan
No ratings yet
Mikrotik Basic Implementation in Enterprise Network: Umair Masood Information Technology Dept Haier Pakistan
40 pages
Jweb Config Example Policy Based VPN
No ratings yet
Jweb Config Example Policy Based VPN
14 pages
Configuring A VPN Using Easy VPN and An Ipsec Tunnel: Figure 6-1
No ratings yet
Configuring A VPN Using Easy VPN and An Ipsec Tunnel: Figure 6-1
12 pages
S13.s2 - Guia de VPN - IPSec - Acceso Remoto
No ratings yet
S13.s2 - Guia de VPN - IPSec - Acceso Remoto
17 pages
DFL-Series, Configuración VPN
No ratings yet
DFL-Series, Configuración VPN
102 pages
WP Hacme Bank v2 User Guide
No ratings yet
WP Hacme Bank v2 User Guide
74 pages
IPSEC_tunnel_juniper
No ratings yet
IPSEC_tunnel_juniper
11 pages
Zero Trust Network Access: Hands On Lab
No ratings yet
Zero Trust Network Access: Hands On Lab
63 pages
The Plastic Resin Industry of Pakistan
No ratings yet
The Plastic Resin Industry of Pakistan
3 pages
Lsopt
No ratings yet
Lsopt
407 pages
Plantilla Reval Multipagas Encriptacion
No ratings yet
Plantilla Reval Multipagas Encriptacion
2 pages
Easyvpn Router Config CCP 00 PDF
No ratings yet
Easyvpn Router Config CCP 00 PDF
21 pages
FNS10 Mod07
No ratings yet
FNS10 Mod07
81 pages
Sir Syed University of Engineering & Technology
No ratings yet
Sir Syed University of Engineering & Technology
4 pages
Easyvpn Router Config CCP 00
No ratings yet
Easyvpn Router Config CCP 00
21 pages
Lab - 012 VyOS VPN
No ratings yet
Lab - 012 VyOS VPN
5 pages
Edss Lesson Plan 1
No ratings yet
Edss Lesson Plan 1
2 pages
How To Create A VPN Server Using SDM
No ratings yet
How To Create A VPN Server Using SDM
13 pages
VPD in 6+1 Steps: Get Information in Advance
No ratings yet
VPD in 6+1 Steps: Get Information in Advance
3 pages
NETGEAR ProSafe VPN Firewall FVS338 Server
No ratings yet
NETGEAR ProSafe VPN Firewall FVS338 Server
8 pages
SECS04L07 - Configuring Cisco IOS SSL VPN (WebVPN)
No ratings yet
SECS04L07 - Configuring Cisco IOS SSL VPN (WebVPN)
37 pages
Software Engineering (SE) Is A Profession Dedicated
No ratings yet
Software Engineering (SE) Is A Profession Dedicated
8 pages
Pahu Schedule For MPH
No ratings yet
Pahu Schedule For MPH
1 page
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
No ratings yet
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
5 pages
VPN Pix Private
No ratings yet
VPN Pix Private
13 pages
Configuring A Remote Access VPN With Pulse Secure
No ratings yet
Configuring A Remote Access VPN With Pulse Secure
3 pages
Sinus Penta Brochure
No ratings yet
Sinus Penta Brochure
22 pages
ACM CLUSTER - Existing
No ratings yet
ACM CLUSTER - Existing
2 pages
Classes and Multiform Projects
No ratings yet
Classes and Multiform Projects
26 pages
ASA 5505 Site To Site VPN With PolicyNAT
No ratings yet
ASA 5505 Site To Site VPN With PolicyNAT
10 pages
Electro-Hydraulic Valve Control With Multiair Technology: Cover Story
No ratings yet
Electro-Hydraulic Valve Control With Multiair Technology: Cover Story
8 pages
Configuring A VPN Using Easy VPN and An Ipsec Tunnel: Figure 6-1
No ratings yet
Configuring A VPN Using Easy VPN and An Ipsec Tunnel: Figure 6-1
12 pages
Cisco Easy VPN Server
No ratings yet
Cisco Easy VPN Server
33 pages
Cisco Easy VPN Client For The Cisco 1700 Series Routers: Feature Overview
No ratings yet
Cisco Easy VPN Client For The Cisco 1700 Series Routers: Feature Overview
22 pages
Malleable Catalogue 0
No ratings yet
Malleable Catalogue 0
14 pages
Massive MIMO With Non-Ideal Arbitrary Arrays: Hardware Scaling Laws and Circuit-Aware Design
No ratings yet
Massive MIMO With Non-Ideal Arbitrary Arrays: Hardware Scaling Laws and Circuit-Aware Design
16 pages
VPN Juniper-Forti
No ratings yet
VPN Juniper-Forti
5 pages
Fail Over IPSec Site-to-Site VPN With Redundant Link On FortiGate Firewall
No ratings yet
Fail Over IPSec Site-to-Site VPN With Redundant Link On FortiGate Firewall
17 pages
Interop
No ratings yet
Interop
6 pages
Vpnclient Pix Aes
No ratings yet
Vpnclient Pix Aes
11 pages
Configuring Site To Site Ipsec VPN Tunnel Between Cisco Routers
No ratings yet
Configuring Site To Site Ipsec VPN Tunnel Between Cisco Routers
6 pages
IP Telephony Services: Proprietary and Confidential
No ratings yet
IP Telephony Services: Proprietary and Confidential
30 pages
VPN Settings: VPN-Partner A: (GILAT: Router Cisco) VPN-Partner B: (Cliente Gilat: FW Juniper) Network Settings
No ratings yet
VPN Settings: VPN-Partner A: (GILAT: Router Cisco) VPN-Partner B: (Cliente Gilat: FW Juniper) Network Settings
1 page
EZVPN Configuration Example PDF
No ratings yet
EZVPN Configuration Example PDF
18 pages
Case Study in Improving Tug Escort Procedures
No ratings yet
Case Study in Improving Tug Escort Procedures
7 pages
Site2Site IPSec VPN With Dynamic IP PDF
No ratings yet
Site2Site IPSec VPN With Dynamic IP PDF
15 pages
General Guidelines Conduit Construction For Fiber Optic Use
No ratings yet
General Guidelines Conduit Construction For Fiber Optic Use
2 pages
IPSec VPN in HA Environment
No ratings yet
IPSec VPN in HA Environment
6 pages
Fortigate Multi-Threat Security Systems I Administration, Content Inspection and Basic VPN Access Course 201
No ratings yet
Fortigate Multi-Threat Security Systems I Administration, Content Inspection and Basic VPN Access Course 201
7 pages
Managed Secure SD-WAN 6.4.4: Lab Guide
100% (3)
Managed Secure SD-WAN 6.4.4: Lab Guide
167 pages
Class6 SSCJECrashCourseBySandeepJyaniSir
No ratings yet
Class6 SSCJECrashCourseBySandeepJyaniSir
124 pages
Configuration: L2Tp Over Ipsec VPN
No ratings yet
Configuration: L2Tp Over Ipsec VPN
3 pages
Silva Method PDF
0% (1)
Silva Method PDF
7 pages
Router Vpnclient Pi Stick
No ratings yet
Router Vpnclient Pi Stick
10 pages
Everstrong Pajo STP
No ratings yet
Everstrong Pajo STP
6 pages
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
No ratings yet
Configuring Site To Site IPSec VPN Tunnel Between Cisco Routers
4 pages
SRX Series To SSG Series Route-Based VPN Configuration
No ratings yet
SRX Series To SSG Series Route-Based VPN Configuration
3 pages
Convert Serial To IPsec VPN
0% (1)
Convert Serial To IPsec VPN
6 pages
Digital Data Network DDN
No ratings yet
Digital Data Network DDN
24 pages
Intensifying Screens Review
No ratings yet
Intensifying Screens Review
21 pages
H. W. F. Saggs, The Nimrud Letters (1952)
No ratings yet
H. W. F. Saggs, The Nimrud Letters (1952)
30 pages
Configuring Easy VPN With The IOS CLI: Learning Objectives
No ratings yet
Configuring Easy VPN With The IOS CLI: Learning Objectives
26 pages
Saudi Aramco Inspection Checklist: Valve Installation Inspection & Valve Stroking SAIC-L-2043 30-Apr-17 Pipe
100% (1)
Saudi Aramco Inspection Checklist: Valve Installation Inspection & Valve Stroking SAIC-L-2043 30-Apr-17 Pipe
10 pages
2D Array
No ratings yet
2D Array
38 pages
Ccna Security Sba
No ratings yet
Ccna Security Sba
16 pages
Cisco IPSec Easy VPN Server Configuration Guide
No ratings yet
Cisco IPSec Easy VPN Server Configuration Guide
6 pages
Tech Bulletin 95-1060 MCA Oil Canning
No ratings yet
Tech Bulletin 95-1060 MCA Oil Canning
2 pages
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
From Everand
FortiGate 7.4 Admin Study Notes: 499 Study Notes for Accelerated Certification Success
Steve Brown
No ratings yet
Juniper Configurare
No ratings yet
Juniper Configurare
40 pages
How To Setup A Routed IPSEC VPN Tunnel From Juniper SRX UTM Firewall To Draytek 2820 ADSL Firewall Router
No ratings yet
How To Setup A Routed IPSEC VPN Tunnel From Juniper SRX UTM Firewall To Draytek 2820 ADSL Firewall Router
7 pages
Ronan Instrument
No ratings yet
Ronan Instrument
11 pages
Practical Injection Molding
100% (7)
Practical Injection Molding
234 pages
Learn Jazz Piano, by Scot Ranney
100% (1)
Learn Jazz Piano, by Scot Ranney
12 pages
CCNA Exam Excellence: Study Guide & Practice Tests
From Everand
CCNA Exam Excellence: Study Guide & Practice Tests
SUJAN
No ratings yet
CCNA Exam Focus: Study Guide with Practice Tests
From Everand
CCNA Exam Focus: Study Guide with Practice Tests
SUJAN
No ratings yet
LEARN MPLS FROM SCRATCH PART-B: A Beginners guide to next level of networking
From Everand
LEARN MPLS FROM SCRATCH PART-B: A Beginners guide to next level of networking
POONAM DEVI
No ratings yet
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
From Everand
Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security
Redouane MEDDANE
No ratings yet
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
From Everand
Network with Practical Labs Configuration: Step by Step configuration of Router and Switch configuration
Mulayam Singh
No ratings yet
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
From Everand
WAN TECHNOLOGY FRAME-RELAY: An Expert's Handbook of Navigating Frame Relay Networks
Mamta Devi
No ratings yet
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
From Everand
CISCO PACKET TRACER LABS: Best practice of configuring or troubleshooting Network
Mulayam Singh
No ratings yet
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
From Everand
Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3
Ramon Nastase
4.5/5 (2)