Aviatrix Gateway to Juniper SRX

Aviatrix does not officially support Juniper SRX, but you can configure Juniper SRX to work with the Aviatrix software. Aviatrix does not actively test our software with Juniper SRX, so you should rigorously test your configuration in a development environment before deploying it in a production system.

This document describes how to build an IPsec tunnel-based Site2Cloud connection between an Aviatrix Gateway and a Juniper SRX firewall.

The network setup is as follows:

VPC/VNet-multicloudvpc1 (with Aviatrix Gateway)

VPC/VNet CIDR: 10.1.1.0/16

VPC/VNet Subnet CIDR (public in AWS, GCP, or OCI): 10.1.1.0/24

VPC/VNet Private Subnet CIDR: 10.1.2.0/24

On-Prem (with Juniper SRX Firewall)

On-Prem Network CIDR: 10.0.0.0/16

On-prem Public Network CIDR: 10.0.3.0/24

On-prem Private Network CIDR: 10.0.2.0/24

Creating an External (Site2Cloud) Connection

  1. In Aviatrix CoPilot, launch an Aviatrix Transit Gateway at the subnet of VPC/VNet-multicloudvpc1 (public subnet for AWS, GCP, or OCI). Collect the Gateway’s public IP address (3.213.233.93 in this example).

  2. Navigate to Networking > Connectivity > External Connections (S2C) and click Add New to create a Site2Cloud connection using the values for one of the options below (for either option, you can select PSK or certificate-based authentication).

    Substitute the following values:

    • Remote Gateway Type: Generic

    • Algorithms: turn Off

    • Remote Gateway IP: Public IP of Juniper SRX WAN port (18.214.241.32 in this example)

    • Remote Subnet CIDR(s): 10.0.2.0/16 (On-Prem Private Network CIDR)

    • Local Subnet CIDR(s): 10.1.2.0/24 (VPC-multicloudvpc1 private subnet)

  3. After the connection is created, select the vertical ellipsis menu for that connection and select Download Configuration.

  4. Select Generic from the Vendor dropdown list and click Download to download the external (S2C) configuration. Use this configuration file to configure the tunnels and interfaces in your Juniper SRX firewall.

    The following is an SRX sample configuration based on the Site2Cloud configuration above.

    [Image: SRX sample configuration]
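A pre-flight check for the Local and Remote Subnet CIDR(s) entered in step 2, added here as an example and not part of the Aviatrix documentation. It normalizes each value, reports a selector that is wider or narrower than the subnet it is described as covering, and flags local/remote overlap; the function names and the pairing of each entered value with its intended range are assumptions of this example.

```python
import ipaddress

# CIDRs as written on this page, each paired with the range it is described as.
PAGE_VALUES = {
    "Local Subnet CIDR(s)":  ("10.1.2.0/24", "10.1.2.0/24"),  # VPC private subnet
    "Remote Subnet CIDR(s)": ("10.0.2.0/16", "10.0.2.0/24"),  # on-prem private network
}

def parse(text):
    """Parse a CIDR; return (normalized network, True if host bits were set)."""
    iface = ipaddress.ip_interface(text)
    return iface.network, iface.ip != iface.network.network_address

def check_selectors(values):
    """Return findings for the subnet pair a Site2Cloud connection will use."""
    findings, nets = [], {}
    for field, (entered, intended) in values.items():
        net, host_bits = parse(entered)
        want, _ = parse(intended)
        nets[field] = net
        if host_bits:
            findings.append(f"{field}: {entered} has host bits set, "
                            f"effective network is {net}")
        if net != want and want.subnet_of(net):
            # The tunnel would admit more addresses than the intended subnet.
            extra = net.num_addresses - want.num_addresses
            findings.append(f"{field}: {net} is wider than {want} "
                            f"by {extra} addresses")
        elif net != want:
            findings.append(f"{field}: {net} does not fully cover {want}")
    fields = list(nets)
    for i, a in enumerate(fields):
        for b in fields[i + 1:]:
            # Overlapping local and remote ranges make routing ambiguous.
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return findings

if __name__ == "__main__":
    for line in check_selectors(PAGE_VALUES):
        print(line)
```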

Configuring Juniper SRX

Apply the following configuration to your SRX:

https://s3-us-west-2.amazonaws.com/aviatrix-download/docs/srx_site2cloud.txt

Verifying the Tunnel Status

In Aviatrix CoPilot, go to the Diagnostics > Cloud Routes > External Connections tab to confirm the Status and Tunnel Status of the external connection.

Troubleshooting

To troubleshoot, in CoPilot go to Diagnostics > Diagnostic Tools.