Copyright © 2009, Juniper Networks, Inc.
APPLICATION NOTE - Quickstart Guide for Branch SRX Series Services Gateways
4. Assign the VLAN interface to the default VLAN.
set vlans default l3-interface vlan.0
Note: SRX Series Services Gateways are preconfigured with a system-defined VLAN named "default" with VLAN-ID "1".
5. Assign the VLAN interface to the trust security zone.
set security zones security-zone trust interfaces vlan.0
IPsec VPN Configuration
To illustrate the configuration of a site-to-site IPsec tunnel, VPN configuration details will be added to the first example according to the following design assumptions:
• A route-based IPsec VPN with preshared keys is specified between sites.
• The protected network is connected to interface ge-0/0/0 in the trust zone.
• Connectivity to the Internet is through fe-0/0/7 in the untrust zone.
• The remote IPsec endpoint IP address is 1.1.1.2, and the protected subnet at the remote site is 10.1.1.0/24.
• All traffic to the subnet 10.1.1.0/24 is encrypted.
Figure 2: Corporate and branch-office network infrastructure
[Figure labels: ge-0/0/0, 192.168.1.0/24 (trust zone); fe-0/0/7, 1.1.1.1/30 (untrust zone); remote site 1.1.1.2/30 (untrust zone) and 10.1.1.0/24 (trust zone).]
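The design assumptions above, written out as Junos set commands in an added example (not taken from the application note itself). The tunnel interface st0.0, the zone name vpn, the object names ike-policy1, ike-gw1, vpn-policy1, ike-vpn1 and trust-to-vpn, the use of the predefined "standard" proposal sets, and the key placeholder are assumptions.

```junos
# Added example; object names and the "vpn" zone are assumptions, not from the note.

# Route-based VPN: a secure tunnel interface placed in its own zone
set interfaces st0 unit 0 family inet
set security zones security-zone vpn interfaces st0.0

# Allow IKE negotiation to terminate on the Internet-facing (untrust) zone
set security zones security-zone untrust host-inbound-traffic system-services ike

# Phase 1: preshared-key authentication toward the remote endpoint 1.1.1.2
set security ike policy ike-policy1 mode main
set security ike policy ike-policy1 proposal-set standard
set security ike policy ike-policy1 pre-shared-key ascii-text "<PRESHARED-KEY-PLACEHOLDER>"
set security ike gateway ike-gw1 ike-policy ike-policy1
set security ike gateway ike-gw1 address 1.1.1.2
set security ike gateway ike-gw1 external-interface fe-0/0/7.0

# Phase 2: bind the VPN to the tunnel interface (this is what makes it route-based)
set security ipsec policy vpn-policy1 proposal-set standard
set security ipsec vpn ike-vpn1 bind-interface st0.0
set security ipsec vpn ike-vpn1 ike gateway ike-gw1
set security ipsec vpn ike-vpn1 ike ipsec-policy vpn-policy1

# Everything routed to the remote protected subnet enters the tunnel and is encrypted
set routing-options static route 10.1.1.0/24 next-hop st0.0

# Security policy permitting trust-zone traffic into the tunnel zone
set security policies from-zone trust to-zone vpn policy trust-to-vpn match source-address any
set security policies from-zone trust to-zone vpn policy trust-to-vpn match destination-address any
set security policies from-zone trust to-zone vpn policy trust-to-vpn match application any
set security policies from-zone trust to-zone vpn policy trust-to-vpn then permit
```

Sessions initiated from the remote subnet would additionally need a policy from the vpn zone to the trust zone. After commit, "show security ike security-associations" and "show security ipsec security-associations" confirm that both phases have established.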