allenk1 · February 19, 2016 06:22
diff --git a/Juniper SRX VPN Config b/Juniper SRX VPN Config
 set security ike proposal prop-AWS authentication-method pre-shared-keys
 set security ike proposal prop-AWS dh-group group2
 set security ike proposal prop-AWS authentication-algorithm sha1
 set security ike proposal prop-AWS encryption-algorithm 3des-cbc
 set security ike proposal prop-AWS lifetime-seconds 7200
 set security ike policy pol-AWS mode main
 set security ike policy pol-AWS proposals prop-AWS
 set security ike policy pol-AWS pre-shared-key ascii-text <<PRE-SHARED KEY>>
 set security ike gateway AWS ike-policy pol-AWS
 set security ike gateway AWS address 52.24.85.249
 set security ike gateway AWS external-interface <<PUBLIC INTERFACE>>
 set security ipsec proposal prop-AWS protocol esp
 set security ipsec proposal prop-AWS authentication-algorithm hmac-sha1-96
 set security ipsec proposal prop-AWS encryption-algorithm 3des-cbc
 set security ipsec proposal prop-AWS lifetime-seconds 3600
 set security ipsec policy pol-AWS proposals prop-AWS
 set security ipsec vpn AWS-VPN bind-interface st0.3
 set security ipsec vpn AWS-VPN ike gateway AWS
 set security ipsec vpn AWS-VPN ike proxy-identity local <<LOCAL IP SCOPE>>
 set security ipsec vpn AWS-VPN ike proxy-identity remote 10.0.0.0/16
 set security ipsec vpn AWS-VPN ike ipsec-policy pol-AWS
 set security ipsec vpn AWS-VPN establish-tunnels immediately
 set security zone security-zone AWS interfaces st0.3
 security zones security-zone Internet interfaces <<PUBLIC INTERFACE>> host-inbound-traffic system-services ike
 set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match source-address any
 set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match destination-address any
 set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match application any
 set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS then permit
 set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match source-address any
 set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match destination-address any
 set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match application any
 set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS then permit
	set security ike proposal prop-AWS authentication-method pre-shared-keys
	set security ike proposal prop-AWS dh-group group2
	set security ike proposal prop-AWS authentication-algorithm sha1
	set security ike proposal prop-AWS encryption-algorithm 3des-cbc
	set security ike proposal prop-AWS lifetime-seconds 7200
	set security ike policy pol-AWS mode main
	set security ike policy pol-AWS proposals prop-AWS
	set security ike policy pol-AWS pre-shared-key ascii-text <<PRE-SHARED KEY>>
	set security ike gateway AWS ike-policy pol-AWS
	set security ike gateway AWS address 52.24.85.249
	set security ike gateway AWS external-interface <<PUBLIC INTERFACE>>
	set security ipsec proposal prop-AWS protocol esp
	set security ipsec proposal prop-AWS authentication-algorithm hmac-sha1-96
	set security ipsec proposal prop-AWS encryption-algorithm 3des-cbc
	set security ipsec proposal prop-AWS lifetime-seconds 3600
	set security ipsec policy pol-AWS proposals prop-AWS
	set security ipsec vpn AWS-VPN bind-interface st0.3
	set security ipsec vpn AWS-VPN ike gateway AWS
	set security ipsec vpn AWS-VPN ike proxy-identity local <<LOCAL IP SCOPE>>
	set security ipsec vpn AWS-VPN ike proxy-identity remote 10.0.0.0/16
	set security ipsec vpn AWS-VPN ike ipsec-policy pol-AWS
	set security ipsec vpn AWS-VPN establish-tunnels immediately
	set security zone security-zone AWS interfaces st0.3
	security zones security-zone Internet interfaces <<PUBLIC INTERFACE>> host-inbound-traffic system-services ike
	set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match source-address any
	set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match destination-address any
	set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS match application any
	set security policies from-zone AWS to-zone CLG-CORP-PRIV policy AllowAWS then permit
	set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match source-address any
	set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match destination-address any
	set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS match application any
	set security policies from-zone CLG-CORP-PRIV to-zone AWS policy AllowAWS then permit