Juniper SRX100 Manuel télécharger pdf (Page 7)

APPLICATION NOTE - Quickstart Guide for Branch SRX Series Services Gateways

4. Assign VLAN interface to the default VLAN.

set vlans default l3-interface vlan.0

Note: SRX Series Services Gateways are preconfigured with a system-defined VLAN with name “default” and

VLAN-ID “1.”

5. Assign the VLAN interface to trust security zone.

set security zones security-zone trust interfaces vlan.0

IPsec VPN Configuration

To illustrate the configuration of a site-to-site IPsec tunnel, VPN configuration details will be added to the first

example according to the following design assumptions:

A route-based IPsec VPN with preshared keys is specified between sites.•

The protected network is connected to interface ge-0/0/0 in the trust zone.•

Connectivity to the Internet is through fe-0/0/7 in the untrust zone.•

The remote IPsec endpoint IP address is 1.1.1.2, and the protected subnet at the remote site is 10.1.1.0/24.•

All traffic to the subnet 10.1.1.0/24 is encrypted.•

Figure 2: Corporate and branch-office network infrastructure

ge-0/0/0

192.168.1.0/24

fe-0/0/7

1.1.1.1/30

UNTRUST ZONE

TRUST ZONE

10.1.1.0/24

1.1.1.2/30

Untrust Zone

Trust Zone

1 2 3 4 5 6 7 8 9 10 11

Pas de commentaire

Juniper SRX100 Manuel Page 7