@allenk1
Created February 19, 2016 06:22
set security ike proposal prop-AWS authentication-method pre-shared-keys
set security ike proposal prop-AWS dh-group group2
set security ike proposal prop-AWS authentication-algorithm sha1
set security ike proposal prop-AWS encryption-algorithm 3des-cbc
set security ike proposal prop-AWS lifetime-seconds 7200
set security ike policy pol-AWS mode main
set security ike policy pol-AWS proposals prop-AWS
set security ike policy pol-AWS pre-shared-key ascii-text <<PRE-SHARED KEY>>
set security ike gateway AWS ike-policy pol-AWS
set security ike gateway AWS address 52.24.85.249
set security ike gateway AWS external-interface <<PUBLIC INTERFACE>>
set security ipsec proposal prop-AWS protocol esp
set security ipsec proposal prop-AWS authentication-algorithm hmac-sha1-96
set security ipsec proposal prop-AWS encryption-algorithm 3des-cbc
set security ipsec proposal prop-AWS lifetime-seconds 3600
set security ipsec policy pol-AWS proposals prop-AWS
set security ipsec vpn AWS-VPN bind-interface st0.3
set security ipsec vpn AWS-VPN ike gateway AWS
set security ipsec vpn AWS-VPN ike proxy-identity local <<LOCAL IP SCOPE>>
set security ipsec vpn AWS-VPN ike proxy-identity remote 10.0.0.0/16
set security ipsec vpn AWS-VPN ike ipsec-policy pol-AWS
set security ipsec vpn AWS-VPN establish-tunnels immediately
set security zones security-zone AWS interfaces st0.3
set security zones security-zone Internet interfaces <<PUBLIC INTERFACE>> host-inbound-traffic system-services ike
set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match source-address any
set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match destination-address any
set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match application any
set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS then permit
set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match source-address any
set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match destination-address any
set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match application any
set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS then permit