It is not a secret that low level Juniper SRX devices, like 200 series here, IPSec VPN is not so easy to set up with other s*$%
Here is working set up.
In bellow scenario both sides – firewalls and servers are already configured, including:
- routing
- security policies aka access-lists aka firewall rules
Here are proposals that we will use:
Phase 1 authentication method: PSK Phase 1 exchange mode: Main Phase 1 PSK: OurSmallSecret Phase 1 authentication hash algorithm: SHA-1 Phase 1 encryption algorithm: 3DES Phase 1 DH group: 2 Phase 1 SA lifetime: 7,200 seconds Phase 2 IPsec mode: Tunnel Phase 2 authentication hash algorithm: SHA-1 Phase 2 encryption algorithm: 3DES Phase 2 SA lifetime: 3,600 seconds