Thursday, January 15, 2009

Juniper SSG route-based tunnel

=======
Site-A:
-------
Internet IP = 1.1.1.1
Internet interface = eth0/0
Internet gateway = 1.1.1.254
Tunnel IP = 10.1.1.1
Tunnel interface = tun.1
=======
Site-B:
-------
Internet IP = 2.2.2.2
Internet interface = eth0/0
Internet gateway = 2.2.2.254
Tunnel IP = 10.1.1.2
Tunnel interface = tun.1
=======
Pre-shared key string (example value only; use your own long, random key, identical on both sites):
"VerySecureString"
=======
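#==========================
# Site-A config (tunnel.1)
#==========================
# Host route for the Site-B peer address via the Internet gateway, so the
# IKE/IPsec packets themselves always leave through eth0/0.
set vr trust
set route 2.2.2.2/32 gateway 1.1.1.254
exit
# Tunnel interface for the route-based VPN.
# Assumes a zone named VPN already exists; this listing does not create it.
set int tun.1 zone VPN
set int tun.1 ip 10.1.1.1/30

# IKE gateway (phase 1) towards Site-B.
# Main mode is used instead of aggressive mode: both peers have fixed public
# addresses, and aggressive mode exposes the peer identity and a hash derived
# from the pre-shared key to anyone who can capture the exchange, which allows
# offline guessing of the key.
# VerySecureString is the example key from the top of the page; replace it
# with a long random value and keep it out of shared config backups.
# NOTE(review): "sec-level standard" selects a predefined proposal set; check
# the ciphers and DH groups it negotiates against your current crypto policy.
set ike gateway SITE-B-IP address 2.2.2.2 main outgoing-interface eth0/0 preshare VerySecureString sec-level standard

# IPsec VPN (phase 2) bound to the tunnel interface.
set vpn VPN-B gateway SITE-B-IP sec-level standard
set vpn VPN-B bind interface tun.1
# VPN monitoring with the rekey option, plus the global probe interval and
# missed-probe threshold used to decide that the tunnel is down.
set vpn VPN-B monitor rekey
set vpnmon interval 2
set vpnmon threshold 5

#==========================
# Site-B config (tunnel.1)
#==========================
# Mirror of Site-A: host route for the Site-A peer via the local gateway.
set vr trust
set route 1.1.1.1/32 gateway 2.2.2.254
exit
# Assumes a zone named VPN already exists on this device as well.
set int tun.1 zone VPN
set int tun.1 ip 10.1.1.2/30

# IKE gateway (phase 1) towards Site-A. Mode, key and sec-level must match
# the Site-A side; main mode is used for the reason given above.
set ike gateway SITE-A-IP address 1.1.1.1 main outgoing-interface eth0/0 preshare VerySecureString sec-level standard

# IPsec VPN (phase 2) bound to the tunnel interface, with monitoring.
set vpn VPN-A gateway SITE-A-IP sec-level standard
set vpn VPN-A bind interface tun.1
set vpn VPN-A monitor rekey
set vpnmon interval 2
set vpnmon threshold 5
#==========================
# Not shown in this listing: routes for the remote networks via tun.1 and the
# policies between the VPN zone and the internal zones. Scope those policies
# to the hosts and services that actually need to cross the tunnel.
#==========================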
