This guide covers configuration an IPsec VPN between Peplink and Juniper SSG firewall. The example assumes the following settings:
| IPsec VPN Settings | |
|---|---|
| Peplink WAN IP Address | 210.211.10.5 |
| Peplink LAN Network | 192.168.2.0/24 |
| Juniper SSG WAN IP Address | 66.80.3.1 |
| Juniper SSG LAN Network | 192.168.1.0/24 |
| IPsec Phase 1 Authentication | SHA-1 |
| ISPEC Phase 1 Encryption | AES-128 |
| ISPEC Phase 1 DH Group | 2 |
| IPsec Phase 2 Authentication | SHA-1 |
| ISPEC Phase 2 Encryption | AES-128 |
| ISPEC Phase 2 PFS Group | 2 |
Configure Juniper SSG firewall
Create IPsec VPN Profile
Goto Wizards => Route Based VPN to begin:
- Select local and remote interfaces.
![juniper-ipsec-x509-04]()
- Bind the tunnel to untrust interface.
![juniper-ipsec-x509-04b]()
- Select LAN to LAN tunnel.
![juniper-ipsec-x509-04c]()
- Select Local Static IP <-> Remote Static IP
![juniper-ipsec-x509-04d]()
- Enter remote IP address of Peplink
![juniper-ipsec-x509-04e]()
- Select 128 bit encryption
![juniper-ipsec-x509-04f]()
- Specify the local and remote networks of the IPsec VPN
![juniper-ipsec-x509-04g]()
- Pass all protocols over VPN in both directions
![juniper-ipsec-x509-04h]()
- Set logging options as needed
![juniper-ipsec-x509-04i]()
- Set Schedule to None
![juniper-ipsec-x509-04j]()
- Click Next then Finish to complete VPN configuration.
![juniper-ipsec-x509-04k]()
Configure Peplink device
Create IPsec Profile
- Goto Network -> Interfaces -> IPsec VPN to create a new IPsec profile. Give the VPN a meaningful Name and enter the Remote Gateway IP , Remote Networks , and Preshared Key of the Juniper SSG. Select the matching Phase 1 and Phase 2 settings for VPN.
- Click Save and the IPsec configuration is now complete.
![juniper-ipsec-01]()
