Tag Archives: Juniper ScreenOS

IPsec Site-to-Site VPN Juniper ScreenOS <-> Cisco ASA

This post describes the steps to configure a Site-to-Site VPN between a Juniper ScreenOS firewall and the Cisco ASA firewall. With the correct IKE and IPsec parameters as well as the correct Proxy IDs on both sides, the VPN establishment works without any problems. And since the Juniper firewall can ping an IPv4 address on the remote side through the tunnel (VPN Monitor), the VPN tunnel is established by the firewalls themselves without the need for initial traffic.


IPsec Site-to-Site VPN Juniper ScreenOS <-> AVM FRITZ!Box

Here are the settings needed to establish a Site-to-Site VPN between an AVM FRITZ!Box and a Juniper ScreenOS firewall. In addition to some guides found on the net, I tested a few settings myself in order to have a *.cfg file that is as detailed as possible. It is also pleasing to note that the Juniper allows a static VPN to a dynamic address, so that even both sides can initiate the connection. With Juniper's VPN Monitor, the tunnel is kept "up" constantly.


IPsec Site-to-Site VPN Palo Alto <-> Juniper ScreenOS

For a quick documentation on how to build a Site-to-Site IPsec VPN tunnel between a Palo Alto Networks firewall and a Juniper ScreenOS device I am listing the configuration screenshots here.

It is quite easy because both firewalls implement route-based VPNs. That is, the tunnel does not need to be configured with Proxy IDs or the like. It is simply built upon the correct parameters for IKE and IPsec. The related traffic can then be routed into the tunnel afterwards. And since the tunnel monitor from the Palo Alto firewall triggers the tunnel to be built even though no real traffic flows through it, the admin immediately sees green status bubbles in the GUI and can be sure that the tunnel establishment was successful.

IPv6 Security Master Thesis

Hello world,

with this post I want to publish my own master thesis which I finished in February 2013 about the topic “IPv6 Security Test Laboratory”. (I studied the Master of IT-Security at the Ruhr-Uni Bochum.) I explained many IPv6 security issues in detail and tested three firewalls (Cisco ASA, Juniper SSG, Palo Alto PA) against all these IPv6 security attacks.

[UPDATE]Before reading the huge master thesis, this overview of IPv6 Security may be a good starting point for IPv6 security issues.[/UPDATE]

