Configuring a Juniper x Huawei VPN
During my work in customer environments, it became necessary to provision a VPN between a Juniper SRX and Huawei equipment.
We managed to establish the tunnel based on the scripts below:
JUNIPER
set security ike proposal *NAME* authentication-method pre-shared-keys
set security ike proposal *NAME* dh-group group2
set security ike proposal *NAME* encryption-algorithm 3des-cbc
set security ike proposal *NAME* lifetime-seconds 28800
set security ike policy *NAME* mode main
set security ike policy *NAME* proposals *NAME*
set security ike policy *NAME* pre-shared-key ascii-text "senha"
set security ike gateway *NAME* ike-policy *NAME*
set security ike gateway *NAME* address xxx.xxx.xxx.xxx
set security ike gateway *NAME* external-interface ge-0/0/0.0
Phase 2
set security ipsec proposal *NAME* protocol esp
set security ipsec proposal *NAME* authentication-algorithm hmac-sha1-96
set security ipsec proposal *NAME* encryption-algorithm 3des-cbc
set security ipsec proposal *NAME* lifetime-seconds 3600
set security ipsec policy *NAME* perfect-forward-secrecy keys group2
set security ipsec policy *NAME* proposals *NAME*
set security ipsec vpn *NAME1* df-bit copy
set security ipsec vpn *NAME1* ike gateway *NAME*
set security ipsec vpn *NAME1* ike ipsec-policy *NAME*
HUAWEI
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
sa duration 28800
#
ike peer VPN1 v1
pre-shared-key cipher @H&H@&GH&g3*GV#*¨*@G@
ike-proposal 1
remote-address 192.168.0.1
#
ipsec proposal VPN1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
#
ipsec policy VPN 1 isakmp
security acl 3999
pfs dh-group2
ike-peer VPN1
proposal VPN1
tunnel local binding-interface
#
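The tunnel only comes up when both peers propose the same phase 1 and phase 2 parameters, so a quick cross-check of the two configurations is useful before commit. The script below is an added example, not part of the original post: it parses the parameter lines of both configs (object names P1, P2 and POL are made up), reports values that disagree or are set on one side only, and flags algorithms on its own LEGACY list, which is this example's assumption of a review policy.

```python
import re
# Constructed sample input: parameter lines from the two configs, with made-up object names.
JUNIPER = """\
set security ike proposal P1 dh-group group2
set security ike proposal P1 encryption-algorithm 3des-cbc
set security ike proposal P1 lifetime-seconds 28800
set security ipsec proposal P2 authentication-algorithm hmac-sha1-96
set security ipsec proposal P2 encryption-algorithm 3des-cbc
set security ipsec proposal P2 lifetime-seconds 3600
set security ipsec policy POL perfect-forward-secrecy keys group2
"""
HUAWEI = """\
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
sa duration 28800
ipsec proposal VPN1
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy VPN 1 isakmp
pfs dh-group2
"""
CANON = {"3des-cbc": "3des", "hmac-sha1-96": "sha1", "dh-group2": "group2"}
LEGACY = {"3des", "sha1", "group2"}  # assumption: this example's own review list
RULES = [  # (pattern, field); each pattern covers both vendors' keyword
    (r"encryption-algorithm (\S+)", "enc"),
    (r"authentication-algorithm (\S+)", "auth"),
    (r"(?:dh-group|^dh) (\S+)", "dh"),
    (r"(?:lifetime-seconds|sa duration) (\S+)", "lifetime"),
    (r"(?:perfect-forward-secrecy keys|^pfs) (\S+)", "pfs"),
]

def parse(text):
    """Return {(phase, field): value} with vendor spellings normalised."""
    out, phase = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"(?:set security )?(ike|ipsec) (?:proposal|policy)\b", line)
        phase = m.group(1) if m else phase  # Huawei: header opens a section
        for pat, field in RULES:
            hit = re.search(pat, line)
            if hit and phase:
                out[(phase, field)] = CANON.get(hit.group(1), hit.group(1))
    return out

def compare(a, b):
    mismatched = {k for k in a.keys() & b.keys() if a[k] != b[k]}
    one_sided = a.keys() ^ b.keys()  # set on one peer, vendor default on the other
    legacy = {k for d in (a, b) for k, v in d.items() if v in LEGACY}
    return mismatched, one_sided, legacy
print(compare(parse(JUNIPER), parse(HUAWEI)))
```

For the configs on this page nothing mismatches, but the IPsec SA lifetime is set only on the Juniper side, so the Huawei side uses whatever its default is.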