Quick Configs Juniper – Azure IPsec Site to Site VPN

This video is focused on creating an Azure site-to-site VPN connection to a Juniper device, in this case an SRX. So what do we have in this network? We have an internal network, an internal interface, an external interface, a secure tunnel (st0) interface, an Azure network, in this case a /21, and an external interface with a public address. I'm going to show you how to set this up in Azure. I've already set it up previously, but I will show you the configuration steps, because it takes a long time to generate the gateway in Azure. These are the configuration steps on the Azure side: I'm using the classic portal in this example because I really dislike the new portal. We create a virtual network, set up site-to-site, create the gateway and create the VM. I'm going to start with the Juniper configuration, but before I do that let me go to Azure.

After you create a virtual network and a gateway, you basically get this menu, and there are two things to note here: the external address and the key. You can get the key by pressing Manage Key, or you can download the VPN device script all at once, which is what I've done. The VPN script from Azure will set up a tunnel to Azure, but it will not set up routing. If you look at this configuration, there is no static route via the secure tunnel interface, which is why, instead of using the Azure configuration, we are using the one from GitHub. I've put a link in the description where you can get this configuration; you basically want to download this SRX file and then you're on your way. The differences between this one and the Azure one are mostly the configuration of the interfaces and a couple of other small things.

So this is the configuration from GitHub. You are going to have to customize it to fit your network, so I'll show you now what I'm going to change in this configuration. The first thing you want to change is the pre-shared key, which we get by going to Azure and pressing Manage Key or downloading the script. You want to change the external address from the address in the sample (starting with 40) to whatever your gateway address is; that's the same address as shown in Azure over here. Besides these parameters, the GitHub configuration has "version v2-only" under the security IKE gateway, and I found that the tunnel does not come up when you use v2-only. It is possible that's just my network, but I'm taking it out of this configuration; it is not required in any case. The other part is the internal interface: instead of an interface vlan1, I'm using the actual interface as my internal interface. The last part is the security zone, which is going to be changed from /16 to /21. If we go down here we can see the actual configuration for the secure tunnel interface, and again the route will change from /16 to /21, with a next hop of st0. So this is a static route configuration; there are no dynamic protocols being used here.

Let me copy this and go to my Juniper. This SRX is actually an SRX100. If I look at the interface configuration, it's a Fast Ethernet interface, and this is basically what is configured on the internal side. I will not show you the external address for obvious reasons. If I do "show security zones security-zone internal" I'll see what's configured, and the other zone is called internet, so basically a very basic config allowing IKE on the outside. That's the basic config. Now we paste the new configuration, and with "show | compare" you can see exactly what is being changed on this device. Then "commit check", and we're waiting and hopefully everything is fine. All right, let's do "commit confirmed". Yep. While that is working, it will take some time for it all to come up, so I'll use that time to explain how exactly this magical configuration works.

In Azure you basically create a virtual network. How do you create a virtual network in the portal? You press New, Network Services, Virtual Network, Custom Create, give it a name and a location (I'm in Australia, so I'm adding Australia East) and we check this checkbox for site-to-site VPN. Then you configure a local network; in this case I'm going to specify a new local network. This is not the local network of Azure; it should really be called the on-prem network, because this is the network behind my Juniper, so the naming is confusing. Let's create a new one: we give it a name, the SRX's external interface IP address, whatever that might be, and the address space, let's say a /24. That's it. Next we are adding a subnet, and I'm adding a subnet called internal. This is the actual Azure address space, where this is 10/21; by default it's a /8, so I'm going to change it to a /21 and add one subnet that I'm going to call internal, if I can type accurately. The second thing is that we have to add a gateway subnet, which is a /29 by default. Press that and you will basically end up with this view. Then you have to press Create Gateway, and Azure will generate the gateway for you. The next step is to actually add a virtual machine, and it will get an address on the internal subnet; it will not get an address on the gateway subnet. You can configure this further if you so desire. Here we can actually see what is being created: the /21 with the subnets I added, internal and gateway. This dashboard will show us if the VPN is online, but it will not update immediately, so I'm going to use that time to set up my virtual machine.

I've already created a Windows Server 2012 virtual machine that has a public IP address, so it is reachable from the outside without a VPN, and it has a Remote Desktop endpoint. Let's try connecting to that; I've already entered it in here. The default 3389 port is mapped to this endpoint port. Let's try to connect, and I'm on my virtual machine. Here you can see that it's on the Azure network; it's got this address. For this example I'm going to enable PS remoting because I want to add a firewall rule, because ping does not work by default. If you're trying out this configuration and you ping the virtual machine and find that your pings don't work, then it is probably due to the Windows Firewall and not your actual VPN configuration. So I'm going to add a firewall rule, but I'm going to do that from my own machine. Right now there's no ICMP rule, so I'm going to add one later over PS remoting, which I've already enabled on this virtual machine, and we can close that again.

Let's go back to our Juniper. The commit has been confirmed. If I do "show security ike security-associations", we have a security association with the Azure gateway and the state is UP. If I do "show security ipsec security-associations", we see that the IPsec SAs are established as well. If I go back to Azure, I'll see that the tunnel is up as well. So let me try and ping an address. If I ping 10.0.0.4 it will not work, because of the Windows Firewall, so instead of doing that I'm going to do "Enter-PSSession 10.0.0.4". If it's all good I will end up on this remote machine. Okay, if I do ipconfig I can see that I'm basically on the Azure machine. Let's add a firewall rule; you can either add this firewall rule with PowerShell, which is this command, or you can use the older style, which is netsh. In this case I'm using the newer PowerShell command. Let's paste it in there, exit out of the session, ping again, and we can see now that the ping is actually working. So let's try Remote Desktop: instead of the public endpoint I'm going to just use 10.0.0.4, we don't need the port in there, and we will see that we have another session, over a private address.

So that's basically the config. You can download it from Azure or from GitHub; the thing to notice is that the Azure VPN device script only sets up the tunnel interface, but it will not set up any routing. That's basically it; thank you for your time.
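To make the pieces described above concrete (route-based VPN bound to st0, IKE allowed only on the outside zone, the static route the Azure script omits, and the "v2-only" line left out), here is an added example in Junos set format. It is not the page's configuration nor the GitHub or Azure sample; interface names, zone names, address ranges, proposal parameters and the bracketed placeholders are assumptions and must be replaced with your own values.

```junos
# Assumed placeholders: fe-0/0/1 = LAN, fe-0/0/0 = internet-facing interface,
# 10.1.0.0/24 = on-prem LAN, 10.0.0.0/21 = Azure virtual network.
set interfaces st0 unit 0 family inet
# Phase 1: IKEv1 main mode with a pre-shared key. The "version v2-only"
# line from the GitHub sample is deliberately left out, as in the video.
set security ike proposal azure-ike-prop authentication-method pre-shared-keys
set security ike proposal azure-ike-prop dh-group group2
set security ike proposal azure-ike-prop authentication-algorithm sha1
set security ike proposal azure-ike-prop encryption-algorithm aes-256-cbc
set security ike proposal azure-ike-prop lifetime-seconds 28800
set security ike policy azure-ike-pol mode main
set security ike policy azure-ike-pol proposals azure-ike-prop
set security ike policy azure-ike-pol pre-shared-key ascii-text "<PSK-FROM-AZURE-MANAGE-KEY>"
set security ike gateway azure-gw ike-policy azure-ike-pol
set security ike gateway azure-gw address <AZURE-GATEWAY-PUBLIC-IP>
set security ike gateway azure-gw external-interface fe-0/0/0.0
# Phase 2: ESP, bound to st0.0 so the routing table decides what enters the tunnel.
set security ipsec proposal azure-ipsec-prop protocol esp
set security ipsec proposal azure-ipsec-prop authentication-algorithm hmac-sha1-96
set security ipsec proposal azure-ipsec-prop encryption-algorithm aes-256-cbc
set security ipsec proposal azure-ipsec-prop lifetime-seconds 3600
set security ipsec policy azure-ipsec-pol proposals azure-ipsec-prop
set security ipsec vpn azure-vpn bind-interface st0.0
set security ipsec vpn azure-vpn ike gateway azure-gw
set security ipsec vpn azure-vpn ike ipsec-policy azure-ipsec-pol
set security ipsec vpn azure-vpn establish-tunnels immediately
# The routing the Azure-generated script does not add: send the /21 via st0.0.
set routing-options static route 10.0.0.0/21 next-hop st0.0
# Zones: only IKE is accepted on the outside interface; st0.0 gets its own zone.
set security zones security-zone internet interfaces fe-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone internal interfaces fe-0/0/1.0
set security zones security-zone vpn interfaces st0.0
# Policies scoped to the two prefixes rather than any/any in both directions.
set security address-book global address onprem-lan 10.1.0.0/24
set security address-book global address azure-vnet 10.0.0.0/21
set security policies from-zone internal to-zone vpn policy to-azure match source-address onprem-lan
set security policies from-zone internal to-zone vpn policy to-azure match destination-address azure-vnet
set security policies from-zone internal to-zone vpn policy to-azure match application any
set security policies from-zone internal to-zone vpn policy to-azure then permit
set security policies from-zone vpn to-zone internal policy from-azure match source-address azure-vnet
set security policies from-zone vpn to-zone internal policy from-azure match destination-address onprem-lan
set security policies from-zone vpn to-zone internal policy from-azure match application any
set security policies from-zone vpn to-zone internal policy from-azure then permit
# Verify after "commit confirmed": both should list the Azure gateway with state UP.
# show security ike security-associations
# show security ipsec security-associations
```

Load it with "load set terminal" (or paste in configuration mode) and check "show | compare" before committing, as the video does; if the IKE SA never reaches UP, confirm the pre-shared key and gateway address against the Azure portal before touching anything else.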

