So I've just inherited a couple of SRX210h firewalls and I'm in the process of learning me some JunOS (finally). I've found a VPN tunnel on one of them that connects my customer's old service provider to their network, and I need to make this go away. Being new to JunOS, and this being their most critical network device, I'm thinking that I want to do this quickly right now and I'll go back and clean it out once I know what the hell I'm doing. So my question is: can I just do a 'set interfaces st0.0 disable' and call it a day on this one?
Here's the config:
Code:
ike {
    proposal ike-sha1-aes256-pre-g5 {
        authentication-method pre-shared-keys;
        dh-group group5;
        authentication-algorithm sha1;
        encryption-algorithm aes-256-cbc;
    }
    policy ike-policy {
        mode main;
        proposals ike-sha1-aes256-pre-g5;
        pre-shared-key ascii-text "BLAH"; ## SECRET-DATA
    }
    gateway gw {
        ike-policy ike-policy;
        address x.x.x.x;
        external-interface reth4;
    }
}
ipsec {
    proposal p2-esp-sha1-aes256 {
        protocol esp;
        authentication-algorithm hmac-sha1-96;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 28800;
    }
    policy p2-policy {
        perfect-forward-secrecy {
            keys group5;
        }
        proposals p2-esp-sha1-aes256;
    }
    vpn vpn {
        bind-interface st0.0;
        ike {
            gateway -gw;
            proxy-identity {
                local x.x.x.x/24;
                remote x.x.x.x/16;
            }
            ipsec-policy p2-policy;
        }
        establish-tunnels immediately;
    }
}