Monday, September 23, 2013

Juniper SRX vpn automation tool

Here in this post, we will look at a VPN config tool. It's straight forward & simple to use if you don't want to learn how to build a vpn-ipsec tunnels.

In my former job, that was one lacking area;  "tools creation". We had a whole team allocated for tools creation, and it was pretty much sad. They stress standard tools for configuration, but they pretty much sucked at what they put together or the interface was convoluted or  badly written &  with no easy help/howto

The folks at juniper on the other hand, built a very well thought out tool, that's so simple to use. It straight forward, nice interface, and easy to follow that even a caveman can do it;

http://ahallm3.files.wordpress.com/2011/12/geico-caveman-airport.jpg

1st here a screen shot;



And the generated config details;


And finally the link to it all;

https://www.juniper.net/customers/support/configtools/vpnconfig.html


I want to highlight the following;

IMPORTANT NOTE: This tool does not perform error checking against your existing configuration.
If a misspelled or incorrect zone, interface or network address is specified, it may report errors when you copy the configuration onto your device






Just this morning, I rolled out 27 vpn-tunnels for a client of mine on a SRX3600b. I used this as my template but change the ipsec-policy from  the default standard to my own customize.



Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
          o
       /     \

No comments:

Post a Comment