IPSEC VPN between Juniper SRXes using Certificates from CAcert

This is a simple IPSEC VPN that uses PKI for IKE key exchange using certificates from CAcert.org.

Topics

1. Initial Setup
2. VPN with Preshared Keys
3. Preparking for PKI
4. VPN with PKI

Inital Setup

This small demo uses two Juniper SRX210HEs, SRX210-1 and SRX210-2, that are cabled back to back using port fe-0/0/7 on each device. Port fe-0/0/6 is used for managment of each SRX.

A secure tunnel, st0.0, is setup between the two SRX devices. IP addressing is shown on the diagram.

Last page update 15 Dec 2013

IPSEC VPN between Juniper SRXes using Certificates from CAcert by Blackhole Networks is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
Concerning comments and/or errors, please contact OSPF