{"id":654,"date":"2012-03-15T00:00:00","date_gmt":"2012-03-15T00:00:00","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/03\/15\/srx-dyn\/"},"modified":"2021-07-24T18:18:36","modified_gmt":"2021-07-24T18:18:36","slug":"srx-dyn","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/srx-dyn.html","title":{"rendered":"Juniper SRX – Site to Site VPN using a Dynamic IP address"},"content":{"rendered":"
Within this article we will look at the commands required for configuring a Site to Site VPN when one peer is using a dynamic IP address.<\/p>\n
Note :<\/strong><\/em> This article does not include the VPN configuration in its entirety only the additional\/amended commands required for this scenario.<\/p>\n There are 3 configuration settings that are defined. These are :<\/p>\n Below shows the 4 main configuration settings required on the SRX device configured to use a dynamic IP address.<\/p>\n Note :<\/strong><\/em> The peer IP 88.88.88.88 is the remote peer IP address.<\/p>\n root@srx100> show configuration security ipsec vpn VPN-EXAMPLE root@srx100> show configuration security ike policy IKE-POLICY root@srx100> show configuration security ike gateway IKE-PEER-STATIC Below shows the 3 main configuration settings required on the SRX device configured to use a static IP address.<\/p>\n root@srx100> show configuration security ipsec vpn VPN-EXAMPLE root@srx100> show configuration security ike policy IKE-POLICY root@srx100> show configuration security ike gateway IKE-PEER-DYNAMIC <\/p>\n","protected":false},"excerpt":{"rendered":" Within this article we will look at the commands required for configuring a Site to Site VPN when one peer is using a dynamic IP address. Note : This article does not include the VPN configuration in its entirety only the additional\/amended commands required for this scenario. There are 3 configuration settings that are defined. … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"\n\n
Dynamic Peer Gateway
<\/strong><\/h3>\n
ike {
gateway IKE-PEER-STATIC;
ipsec-policy IPSEC-POLICY;
}
establish-tunnels immediately;<\/strong><\/span><\/p>\n
mode aggressive;<\/span><\/strong>
proposals [ IKE-DH2-AES256-SHA1 IKE-DH2-AES256-SHA1-1 ];
pre-shared-key ascii-text “####”; ## SECRET-DATA<\/p>\n
ike-policy IKE-POLICY;
address 88.88.88.88;<\/span><\/strong>
dead-peer-detection {
interval 15;
threshold 3;
}
local-identity hostname www.fir3net.com;<\/span><\/strong>
external-interface pp0.0;<\/p>\nStatic IP Gateway
<\/strong><\/h3>\n
ike {
gateway IKE-PEER-DYNAMIC;
ipsec-policy IPSEC-POLICY;
}
establish-tunnels immediately;<\/strong><\/span><\/p>\n
mode aggressive;<\/span><\/strong>
proposals [ IKE-DH2-AES256-SHA1 IKE-DH2-AES256-SHA1-1 ];
pre-shared-key ascii-text “####”; ## SECRET-DATA<\/p>\n
ike-policy IKE-POLICY-VPNRICH;
dynamic hostname www.fir3net.com;<\/span><\/strong>
dead-peer-detection {
interval 15;
threshold 3;
}
<\/span><\/strong>external-interface pp0.0;<\/p>\n