IPSEC VPN between Juniper SRXes using Certificates from CAcert

This is a simple IPSEC VPN that uses PKI for IKE key exchange using certificates from CAcert.org.

Inital Setup

This small demo uses two Juniper SRX210HEs, SRX210-1 and SRX210-2, that are cabled back to back using port fe-0/0/7 on each device. Port fe-0/0/6 is used for managment of each SRX.

A secure tunnel, st0.0, is setup between the two SRX devices. IP addressing is shown on the diagram.