Set security ike proposal azure-proposal lifetime-seconds 28800 Set security ike proposal azure-proposal encryption-algorithm aes-256-cbc Set security ike proposal azure-proposal authentication-algorithm sha1 Set security ike proposal azure-proposal dh-group group2 Set security ike proposal azure-proposal authentication-method pre-shared-keys One big change we made based on the above was to use a security zone for Azure and not just add another interface to the Internet zone. The bold is where we had to add our specifics. The non-bold are pretty much the advised configuration straight from Microsoft.
So our configuration for Azure so far looks like this. It at least pointed me into creating a security zone for Azure and not just hanging it off the Internet zone as Microsoft’s guidance would have you.
There are a few typos and some incorrect commands – but they are minor. The following article link was very useful. So by creating a new interface unit under st0 as st0.10 the VPN was at least firing into action and began to negotiate. Eventually I came across this:Ĭurrently, SRX does not support the ST1 tunnel interface to terminate VPN connections by design. My biggest failure with the SRX was to use st1 as the interface. You have to assume that Azure just works. Get your device side right and do your debugging from there and let Azure sit and just do it’s thing. We’ve got some consultants in setting up the Azure side of the VPN and once I got into the portal I laughed at how much they were charging for turning on the VPN feature and setting a private key – that’s it! There’s very little control to be able to do anything else and if you want logs to see why things aren’t going to plan, you’d better rely on your own device for that.Īfter a couple of hours they’d written some PowerShell to gather some information that was stale because we’d already moved on past that particular error.īut that said, the Azure side just works. Not just with Juniper, but a range of firewalls. Microsoft have a Github page with not just guidance, but specific configuration examples to help do this. This means we need to setup an IPSec VPN between the Juniper SRX and Azure. I’m not a Microsoft fan, and think it’s overpriced for the functionality we’ll actually use. We’re getting on the Microsoft Office 366 and band wagon.
0 kommentar(er)
