Configure IPsec to a Juniper SSG Firewall

Knowledgebase Tips and Tricks
1

This guide covers configuration an IPsec VPN between Peplink and Juniper SSG firewall. The example assumes the following settings:

IPsec VPN Settings

Peplink WAN IP Address 210.211.10.5 Peplink LAN Network 192.168.2.0/24 Juniper SSG WAN IP Address 66.80.3.1 Juniper SSG LAN Network 192.168.1.0/24 IPsec Phase 1 Authentication SHA-1 ISPEC Phase 1 Encryption AES-128 ISPEC Phase 1 DH Group 2 IPsec Phase 2 Authentication SHA-1 ISPEC Phase 2 Encryption AES-128 ISPEC Phase 2 PFS Group 2

Configure Juniper SSG firewall

Create IPsec VPN Profile

Goto Wizards > Route Based VPN to begin:
  1. Select local and remote interfaces.

    juniper-ipsec-x509-04


  2. Bind the tunnel to untrust interface.

    juniper-ipsec-x509-04b


  3. Select LAN to LAN tunnel.

    juniper-ipsec-x509-04c


  4. Select Local Static IP <> Remote Static IP

    juniper-ipsec-x509-04d


  5. Enter remote IP address of Peplink

    juniper-ipsec-x509-04e


  6. Select 128 bit encryption

    juniper-ipsec-x509-04f


  7. Specify the local and remote networks of the IPsec VPN

    juniper-ipsec-x509-04g


  8. Pass all protocols over VPN in both directions

    juniper-ipsec-x509-04h


  9. Set logging options as needed

    juniper-ipsec-x509-04i


  10. Set Schedule to None

    juniper-ipsec-x509-04j


  11. Click Next then Finish to complete VPN configuration.

    juniper-ipsec-x509-04k

Configure Peplink device

Create IPsec Profile

  1. Goto Network > Interfaces > IPsec VPN to create a new IPsec profile. Give the VPN a meaningful Name and enter the Remote Gateway IP , Remote Networks , and Preshared Key of the Juniper SSG. Select the matching Phase 1 and Phase 2 settings for VPN.
  2. Click Save and the IPsec configuration is now complete.

    juniper-ipsec-01

1 Like