What has this SHA-384 to do with AES-256-GCM? I thought GCM contained integrity checks already, so why is SHA-384 there anyway? With AES-CBC (= non-GCM) in IKEv2 phase 1, you have to use an authentication (hashing) algorithm that ensures the integrity of the data exchange. Nowadays the common ones are SHA-256, SHA-384 and SHA-512. So, […]
This post is an example of configuring an IPsec tunnel with F5 BIG-IP. In the diagram below the IPsec tunnel is configured between SRX210 (Junos 12.1X47-D20.7) and F5 BIG-IP (11.6.0 HF5-ENG11). F5 BIG-IP is connected here in one-arm setup. The SRX240 is not “an interesting device” in this demonstration. It is just a firewall and […]
This is the part 2 of my Juniper SRX IPsec LAN-to-LAN VPN posts. In part 1 we had a simple LAN-to-LAN VPN with only one subnet in each site. In this post we have two subnets in Their Site to illustrate the VPN configuration options. Here is the topology for this post. Their Site is […]
In this post I will show two flavours of configuring a LAN-to-LAN IPsec VPN tunnel with Juniper SRX: policy-based and route-based. I have been under impression that those ways are mutually exclusive so that only one way is valid for a given endpoint in the opposite side. How wrong have I been. Here is the […]