Errata for the Juniper SRX Japanese manual "05. CLI configuration of policy-based IPsec VPN"

https://www.slideshare.net/Juniper_Networks_Japan_Tech/juniper-srx05-ipsec-vpncli

In "④ Security zone configuration", the following:

Device A configuration
user@srx# set security zones security-zone VPN address-book address 192.168.2.0 192.168.2.0/24
Device B configuration
user@srx# set security zones security-zone VPN address-book address 192.168.1.0 192.168.1.0/24

should, I think, respectively be:

Device A configuration
user@srx# set security zones security-zone Untrust address-book address 192.168.2.0 192.168.2.0/24
Device B configuration
user@srx# set security zones security-zone Untrust address-book address 192.168.1.0 192.168.1.0/24

If security-zone Untrust address-book ... is missing, an error occurs as follows.

[edit]
root@SRX300-A# commit
[edit security policies from-zone Trust to-zone Untrust]
  'policy TtoU'
    Destination address or address_set (192.168.2.0) not found.
error: configuration check-out failed

With this correction in place, security-associations were established normally and I was able to observe ESP packets.
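
The commit error above can be caught before pushing a configuration. The following is an added example, not part of the original gist or the Juniper manual: a small offline check over `set` commands. It assumes zone-attached address books only (no global address book), and the policy line in the sample is constructed from the commit error shown above.

```python
import re

# Constructed sample: the manual's original device A line (address defined in
# zone VPN) plus a policy line inferred from the commit error on this page.
ORIGINAL = """\
set security zones security-zone VPN address-book address 192.168.2.0 192.168.2.0/24
set security policies from-zone Trust to-zone Untrust policy TtoU match destination-address 192.168.2.0
"""
# Same policy, with the corrected address-book line from this page.
CORRECTED = ORIGINAL.replace("security-zone VPN", "security-zone Untrust")

ADDR_RE = re.compile(
    r"set security zones security-zone (\S+) address-book address(?:-set)? (\S+)")
POLICY_RE = re.compile(
    r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"match (source|destination)-address (\S+)")
PREDEFINED = {"any", "any-ipv4", "any-ipv6"}


def check_address_refs(config: str) -> list[str]:
    """Return one message per policy address not defined in the matching zone."""
    lines = config.splitlines()
    book: dict[str, set[str]] = {}
    for line in lines:
        m = ADDR_RE.match(line.strip())
        if m:
            book.setdefault(m.group(1), set()).add(m.group(2))
    errors = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        from_zone, to_zone, policy, kind, name = m.groups()
        # Assumed model: source addresses resolve in the from-zone,
        # destination addresses in the to-zone.
        zone = from_zone if kind == "source" else to_zone
        if name not in PREDEFINED and name not in book.get(zone, set()):
            errors.append(f"policy {policy}: {kind} address {name} "
                          f"not found in zone {zone}")
    return errors


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, check_address_refs(cfg) or "ok")
```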
