Hi all,
Thanks for this wonderfull pdf with all the information!!!
I'm having only issue at one of the last step with the configuration of the srx. I tried every possible combi but none did work. Im runnning SRX210H with 12.1R1.9
I did add in the following range:
First interface st0, routing-options, ike proposal, ike policy, acces profile, security flow, ike gateway. So far so good, after every part i did commit with completion. But when i did add the ipsec vpn part, it got bumped. Can someone please advise me whatever is going wrong?
serdar@SRX210# commit [edit security ipsec vpn picotest ike gateway] 'gateway gw_picotest'
Shared or group ike policy cannot refer to route-based vpn
error: commit failed: (statements constraint check failed) [edit] serdar@SRX210# show | compare [edit security ipsec] + vpn picotest { + bind-interface st0.2; + ike { + gateway gw_picotest; + proxy-identity { + local 192.168.0.0/16; + remote 0.0.0.0/0; + service any; + } + ipsec-policy ipsec_pol_picotest; + } + }
serdar@SRX210> show configuration security ike
gateway gw_picotest {
ike-policy ike_pol_picotest;
dynamic {
hostname .local;
ike-user-type group-ike-id;
}
local-identity hostname xxxxxxxxxx.org;
external-interface ge-0/0/0.0; ## this is my interface facing to my ISP
xauth access-profile picotest;
version v2-only;
}