Juniper SRX connection to NordVPN?

[ChinookTx]

Hi all:

Got a hold of a Juniper SRX300 and pretty much everything I need, but I can't figure out how to configure it to establish a tunnel to NordVPN.

I have this working on an Edgerouter (it's basically stock openvpn) but the SRX is a bit intimidating compared to what I'm used too.

Anyone have a nice howto specifically for NordVPN (or another VPN provider would work too I guess).

Thanks in advance!

 

[oddball]

I've done IPSec tunnels with the SRX. It's really simple, there is even a Juniper config generator online.

Are you doing route or policy based? Does the SRX have a static or dynamic IP?

If you have a static IP you just configure the IPSec IKE key and point the box at the other VPN endpoint. Then you need to create routes across for both directions and distribute those routes internally. From there it should work. Both endpoints need a public IP though. If you only have a single public IP then you'll need to have one end connecting dynamically and build the tunnel that way.

Policy based is a little more difficult, unless you know you need it you probably don't.

 

[aero]

By the way, OpenVPN is SSL based, not IPSEC. I'd be mightily surprised if you could establish an OpenVPN client connection on an SRX.

 

[ChinookTx]

Yeah @aero, I realized that after posting. They have instructions on their site on setting up IKE/IPSEC but nothing specific to the SRX. Great, more tinkering!

@oddball, I will likely attempt Policy base, from what I understand this is what I need since I want to only direct specific IPs/networks to go out through the tunnel. I also have a dynamic IP technically, but it changed for the first time in five years after connecting the SRX to my modem in place of my old router. Assuming it's static shouldn't be too bad.

 

[747builder]

you CANT do OpenVPN on SRX.

 

[ChinookTx]

Yup, I said I realized that in my previous post.

They have a couple of howtos on their site for ipsec, but none for the srx directly.

VPN Tutorials: How to Setup a VPN

 

[zer0sum]

Should be pretty straightforward as it's just a site to site IPSEC connection

I'd start here - https://help.nordlayer.com/hc/en-us...-Setting-up-site-to-site-on-Juniper-JunOS-SRX