{"id":1071,"date":"2017-02-04T15:20:41","date_gmt":"2017-02-04T08:20:41","guid":{"rendered":"https:\/\/www.routecloud.net\/blog\/?p=1071"},"modified":"2017-02-04T15:21:24","modified_gmt":"2017-02-04T08:21:24","slug":"juniper-srx-implementasi-site-site-vpn","status":"publish","type":"post","link":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/","title":{"rendered":"[Juniper SRX] Implementasi Site-to-Site VPN"},"content":{"rendered":"

Bagian ini perlu saya tulis, karena ini adalah salah part yang cukup penting dan banyak kebutuhan yang membutuhkan koneksi vpn. Perlu diketahui di juniper ada ada dua macam site-to-site (s2s), yaitu route based vpn dan policy based vpn. \u00a0Beda nya apa? jadi klo policy based vpn itu untuk kebutuhan jika site remote adalah platform yang berbeda, sama yang kedua adalah jika ada hanya satu client atau satu subnet yang terkoneksi. Nah jadi jika ada design yang complex kira2, misalanya vpn hub-and-spoko, or site remote nya banyak, maka itu membutuhkan route based vpn, jiak nanti membutuhkan implementas nat, menghindari overlapping address, terus menggunakan dynamic routing procotol, ini juga harus menggunakan route based vpn. Jadi pada kesempatan ini kita akan coba setup route-based s2s vpn dengan konfigurasi dan design standar.<\/p>\n

\"\"<\/a><\/p>\n

Ini adalah contoh design yang nanti akan kita konfigurasi, RouteCloud-HQ dan Branch1, keduanya menggunakan platform juniper SRX. \u00a0Mari kita lihat tabel konfigurasi SRX untuk masing-masing site nya.<\/p>\n

<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

Kemudian yang kedua adalah konfigurasi untuk SRX Branch1<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

Jika anda perhatikan table di atas, maka anda seharusnya sudah tau parameter apa saja yang perlu di configure.<\/p>\n

#RouteCloud-HQ<\/p>\n

Interface Configuration, Zone, Routing Static, Rule-policy<\/p>\n

set interfaces ge-0\/0\/0 unit 0 family inet address 172.172.16.1\/29\r\nset interfaces ge-0\/0\/1 unit 0 family inet address 10.20.20.1\/24\r\nset interfaces st0 unit 0 point-to-point\r\nset interfaces st0 unit 0 family inet address 10.100.100.1\/24\r\n\r\nset security zones security-zone Public interfaces ge-0\/0\/0.0 host-inbound-traffic system-services ike\r\nset security zones security-zone Public interfaces ge-0\/0\/0.0 host-inbound-traffic system-services ping\r\nset security zones security-zone Private interfaces ge-0\/0\/1.0 host-inbound-traffic system-services all\r\nset security zones security-zone Private interfaces ge-0\/0\/1.0 host-inbound-traffic protocols all\r\nset security zones security-zone VPN interfaces st0.0 host-inbound-traffic system-services ping\r\n\r\nset routing-options static route 10.30.30.0\/24 next-hop st0.0\r\nset routing-options static route 0.0.0.0\/0 next-hop 172.172.16.6\r\n\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match source-address any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match destination-address any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match application any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn then permit\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match source-address any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match destination-address any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match application any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn then permit<\/pre>\n
IKE Phase 1 Configuration:<\/p>\n
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys\r\nset security ike proposal ike-phase1-proposal dh-group group2\r\nset security ike proposal ike-phase1-proposal authentication-algorithm sha1\r\nset security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc\r\nset security ike proposal ike-phase1-proposal lifetime-seconds 28000\r\n\r\nset security ike policy ike-phase1-policy mode main\r\nset security ike policy ike-phase1-policy proposals ike-phase1-proposal\r\nset security ike policy ike-phase1-policy pre-shared-key ascii-text \"bunyamin123\"\r\n\r\nset security ike gateway gw-branch1 ike-policy ike-phase1-policy\r\nset security ike gateway gw-branch1 address 172.173.17.1\r\nset security ike gateway gw-branch1 external-interface ge-0\/0\/0<\/pre>\n
IPSec Phase 2 Configuration:<\/p>\n
set security ipsec proposal ipsec-phase2-proposal protocol esp\r\nset security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96\r\nset security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc\r\nset security ipsec proposal ipsec-phase2-proposal lifetime-seconds 3600\r\n\r\nset security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2\r\nset security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal\r\n\r\nset security ipsec vpn ike-vpn-branch1 bind-interface st0.0\r\nset security ipsec vpn ike-vpn-branch1 ike gateway gw-branch1\r\nset security ipsec vpn ike-vpn-branch1 ike ipsec-policy ipsec-phase2-policy\r\n<\/pre>\n
 <\/p>\n
#Branch Configuration<\/p>\n
Interface Configuration, Zone, Routing Static,\u00a0Rule-policy<\/p>\n
set interfaces ge-0\/0\/0 unit 0 family inet address 172.173.17.1\/29\r\nset interfaces ge-0\/0\/1 unit 0 family inet address 10.30.30.1\/24\r\nset interfaces st0 unit 0 point-to-point\r\nset interfaces st0 unit 0 family inet address 10.100.100.2\/24\r\n\r\nset security zones security-zone Public interfaces ge-0\/0\/0.0 host-inbound-traffic system-services ike\r\nset security zones security-zone Public interfaces ge-0\/0\/0.0 host-inbound-traffic system-services ping\r\nset security zones security-zone Private interfaces ge-0\/0\/1.0 host-inbound-traffic system-services all\r\nset security zones security-zone Private interfaces ge-0\/0\/1.0 host-inbound-traffic protocols all\r\nset security zones security-zone VPN interfaces st0.0 host-inbound-traffic system-services ping\r\n\r\n\r\nset routing-options static route 0.0.0.0\/0 next-hop 172.173.17.6\r\nset routing-options static route 10.20.20.0\/24 next-hop st0.0\r\n\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match source-address any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match destination-address any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn match application any\r\nset security policies from-zone Private to-zone VPN policy permit-private-vpn then permit\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match source-address any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match destination-address any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn match application any\r\nset security policies from-zone VPN to-zone Private policy permit-private-vpn then permit\r\n<\/pre>\n
IKE Phase 1 Configuration:<\/p>\n
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys\r\nset security ike proposal ike-phase1-proposal dh-group group2\r\nset security ike proposal ike-phase1-proposal authentication-algorithm sha1\r\nset security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc\r\nset security ike proposal ike-phase1-proposal lifetime-seconds 28000\r\n\r\nset security ike policy ike-phase1-policy mode main\r\nset security ike policy ike-phase1-policy proposals ike-phase1-proposal\r\nset security ike policy ike-phase1-policy pre-shared-key ascii-text \"bunyamin123\"\r\n\r\nset security ike gateway gw-routecloud-hq ike-policy ike-phase1-policy\r\nset security ike gateway gw-routecloud-hq address 172.172.16.1\r\nset security ike gateway gw-routecloud-hq external-interface ge-0\/0\/0<\/pre>\n
IPSec Phase 2 Configuration:<\/p>\n
set security ipsec proposal ipsec-phase2-proposal protocol esp\r\nset security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96\r\nset security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc\r\nset security ipsec proposal ipsec-phase2-proposal lifetime-seconds 3600\r\n\r\nset security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2\r\nset security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal\r\n\r\nset security ipsec vpn ike-vpn-hq bind-interface st0.0\r\nset security ipsec vpn ike-vpn-hq ike gateway gw-routecloud-hq\r\nset security ipsec vpn ike-vpn-hq ike ipsec-policy ipsec-phase2-policy\r\n<\/pre>\n
Testing dan Verification:<\/p>\n
Pastikan ip-peer nya sama-sama bisa direach oleh masing2 site:<\/p>\n
root@Branch1> ping 172.172.16.1\r\nPING 172.172.16.1 (172.172.16.1): 56 data bytes\r\n64 bytes from 172.172.16.1: icmp_seq=0 ttl=62 time=52.095 ms\r\n64 bytes from 172.172.16.1: icmp_seq=1 ttl=62 time=6.335 ms\r\n64 bytes from 172.172.16.1: icmp_seq=2 ttl=62 time=147.276 ms\r\n^C\r\n--- 172.172.16.1 ping statistics ---\r\n3 packets transmitted, 3 packets received, 0% packet loss\r\nround-trip min\/avg\/max\/stddev = 6.335\/68.569\/147.276\/58.706 ms\r\n\r\nroot@RouteCloud-HQ> ping 172.173.17.1 rapid count 10\r\nPING 172.173.17.1 (172.173.17.1): 56 data bytes\r\n!!!!!!!!!!\r\n--- 172.173.17.1 ping statistics ---\r\n10 packets transmitted, 10 packets received, 0% packet loss\r\nround-trip min\/avg\/max\/stddev = 10.440\/191.195\/602.093\/208.497 ms\r\n\r\nroot@RouteCloud-HQ>\r\n<\/pre>\n
Sekarang coba anda ping ip internal:<\/p>\n
root@Branch1> ping 10.20.20.1 source 10.30.30.1 rapid count 10\r\nPING 10.20.20.1 (10.20.20.1): 56 data bytes\r\n!!!!!!!!!!\r\n--- 10.20.20.1 ping statistics ---\r\n10 packets transmitted, 10 packets received, 0% packet loss\r\nround-trip min\/avg\/max\/stddev = 11.239\/25.583\/57.729\/18.166 ms\r\n\r\nroot@Branch1><\/pre>\n
Melihat status phase1 dan phase2:<\/p>\n
root@Branch1> show security ike security-associations\r\nIndex   State  Initiator cookie  Responder cookie  Mode           Remote Address\r\n7296309 UP     6a3128a8da104fe2  707f732d5a216a95  Main           172.172.16.1\r\n\r\nroot@Branch1> show security ipsec security-associations\r\n  Total active tunnels: 1\r\n  ID    Algorithm       SPI      Life:sec\/kb  Mon lsys Port  Gateway\r\n  <131075 ESP:aes-cbc-128\/sha1 69bca620 2962\/ unlim - root 500 172.172.16.1\r\n  >131075 ESP:aes-cbc-128\/sha1 cd530f3a 2962\/ unlim - root 500 172.172.16.1\r\n<\/pre>\n
Jika state UP pada phase1 maka itu menunjukkan\u00a0kedua site sudah melakukan negosiasi dan sudah establish. \u00a0Kemudian phase2 juga terbentuk, dengan active tunnel 1.<\/p>\n
Melihat jumlah peering yang sedang active:<\/p>\n
root@RouteCloud-HQ> show security ike active-peer\r\nRemote Address                      Port     Peer IKE-ID                         XAUTH username                      Assigned IP\r\n172.173.17.1                        500      172.173.17.1\r\n\r\n<\/pre>\n
Melihat secara detail status phase1 dan phase2<\/p>\n
root@RouteCloud-HQ> show security ike security-associations detail\r\nIKE peer 172.173.17.1, Index 6404394, Gateway Name: gw-branch1\r\n  Role: Responder, State: UP\r\n  Initiator cookie: 6a3128a8da104fe2, Responder cookie: 707f732d5a216a95\r\n  Exchange type: Main, Authentication method: Pre-shared-keys\r\n  Local: 172.172.16.1:500, Remote: 172.173.17.1:500\r\n  Lifetime: Expires in 26462 seconds\r\n  Peer ike-id: 172.173.17.1\r\n  Xauth assigned IP: 0.0.0.0\r\n  Algorithms:\r\n   Authentication        : hmac-sha1-96\r\n   Encryption            : aes128-cbc\r\n   Pseudo random function: hmac-sha1\r\n   Diffie-Hellman group  : DH-group-2\r\n  Traffic statistics:\r\n   Input  bytes  :                 1000\r\n   Output bytes  :                  796\r\n   Input  packets:                    5\r\n   Output packets:                    4\r\n  Flags: IKE SA is created\r\n  IPSec security associations: 1 created, 0 deleted\r\n  Phase 2 negotiations in progress: 0\r\n\r\n    Negotiation type: Quick mode, Role: Responder, Message ID: 0\r\n    Local: 172.172.16.1:500, Remote: 172.173.17.1:500\r\n    Local identity: 172.172.16.1\r\n    Remote identity: 172.173.17.1\r\n    Flags: IKE SA is created\r\n\r\nroot@RouteCloud-HQ> show security ipsec security-associations detail\r\n  ID: 131074 Virtual-system: root, VPN Name: ike-vpn-branch1\r\n  Local Gateway: 172.172.16.1, Remote Gateway: 172.173.17.1\r\n  Local Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0\/0)\r\n  Remote Identity: ipv4_subnet(any:0,[0..7]=0.0.0.0\/0)\r\n  Version: IKEv1\r\n    DF-bit: clear\r\n    Bind-interface: st0.0\r\n\r\n  Port: 500, Nego#: 2, Fail#: 0, Def-Del#: 0 Flag: 0x600a29\r\n  Last Tunnel Down Reason: Config Change\r\n    Direction: inbound, SPI: cd530f3a, AUX-SPI: 0\r\n                              , VPN Monitoring: -\r\n    Hard lifetime: Expires in 2044 seconds\r\n    Lifesize Remaining:  Unlimited\r\n    Soft lifetime: Expires in 1456 seconds\r\n    Mode: Tunnel(0 0), Type: dynamic, State: installed\r\n    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)\r\n    Anti-replay service: counter-based enabled, Replay window size: 64\r\n\r\n    Direction: outbound, SPI: 69bca620, AUX-SPI: 0\r\n                              , VPN Monitoring: -\r\n    Hard lifetime: Expires in 2044 seconds\r\n    Lifesize Remaining:  Unlimited\r\n    Soft lifetime: Expires in 1456 seconds\r\n    Mode: Tunnel(0 0), Type: dynamic, State: installed\r\n    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (128 bits)\r\n    Anti-replay service: counter-based enabled, Replay window size: 64\r\n<\/pre>\n
Oke cukup sekian untuk pengenalan konfigurasi s2s vpn.<\/p>\n
good luck \ud83d\ude42<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Bagian ini perlu saya tulis, karena ini adalah salah part yang cukup penting dan banyak kebutuhan yang membutuhkan koneksi vpn. Perlu diketahui di juniper ada ada dua macam site-to-site (s2s), yaitu route based vpn dan policy based vpn. \u00a0Beda nya apa? jadi klo policy based vpn itu untuk kebutuhan jika site remote adalah platform yang […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5,18],"tags":[108,40,107],"yoast_head":"\n[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog\" \/>\n<meta property=\"og:description\" content=\"Bagian ini perlu saya tulis, karena ini adalah salah part yang cukup penting dan banyak kebutuhan yang membutuhkan koneksi vpn. Perlu diketahui di juniper ada ada dua macam site-to-site (s2s), yaitu route based vpn dan policy based vpn. \u00a0Beda nya apa? jadi klo policy based vpn itu untuk kebutuhan jika site remote adalah platform yang […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/\" \/>\n<meta property=\"og:site_name\" content=\"Routecloud Indonesia - Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-02-04T08:20:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-02-04T08:21:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"arisyi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/#organization\",\"name\":\"Routecloud Indonesia\",\"url\":\"https:\/\/www.routecloud.net\/blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/03\/logo_routecloud_horz_2x_b.png\",\"contentUrl\":\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/03\/logo_routecloud_horz_2x_b.png\",\"width\":400,\"height\":80,\"caption\":\"Routecloud Indonesia\"},\"image\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/#website\",\"url\":\"https:\/\/www.routecloud.net\/blog\/\",\"name\":\"Routecloud Indonesia - Blog\",\"description\":\"Share Your Knowledge\",\"publisher\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.routecloud.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png\",\"contentUrl\":\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png\",\"width\":1032,\"height\":350},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage\",\"url\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/\",\"name\":\"[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage\"},\"datePublished\":\"2017-02-04T08:20:41+00:00\",\"dateModified\":\"2017-02-04T08:21:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.routecloud.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"[Juniper SRX] Implementasi Site-to-Site VPN\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/#\/schema\/person\/bababa304857e6ec9533ffe7b108ec8c\"},\"headline\":\"[Juniper SRX] Implementasi Site-to-Site VPN\",\"datePublished\":\"2017-02-04T08:20:41+00:00\",\"dateModified\":\"2017-02-04T08:21:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage\"},\"wordCount\":289,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png\",\"keywords\":[\"ipsec\",\"srx\",\"vpn\"],\"articleSection\":[\"Juniper\",\"Network and Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/#\/schema\/person\/bababa304857e6ec9533ffe7b108ec8c\",\"name\":\"arisyi\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.routecloud.net\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ad901c240e8ac1273cd2e05801a73235?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ad901c240e8ac1273cd2e05801a73235?s=96&d=mm&r=g\",\"caption\":\"arisyi\"},\"sameAs\":[\"http:\/\/arisyi.net\"],\"url\":\"https:\/\/www.routecloud.net\/blog\/author\/arisyi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/","og_locale":"en_US","og_type":"article","og_title":"[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog","og_description":"Bagian ini perlu saya tulis, karena ini adalah salah part yang cukup penting dan banyak kebutuhan yang membutuhkan koneksi vpn. Perlu diketahui di juniper ada ada dua macam site-to-site (s2s), yaitu route based vpn dan policy based vpn. \u00a0Beda nya apa? jadi klo policy based vpn itu untuk kebutuhan jika site remote adalah platform yang […]","og_url":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/","og_site_name":"Routecloud Indonesia - Blog","article_published_time":"2017-02-04T08:20:41+00:00","article_modified_time":"2017-02-04T08:21:24+00:00","og_image":[{"url":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png"}],"twitter_card":"summary","twitter_misc":{"Written by":"arisyi","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.routecloud.net\/blog\/#organization","name":"Routecloud Indonesia","url":"https:\/\/www.routecloud.net\/blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.routecloud.net\/blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/03\/logo_routecloud_horz_2x_b.png","contentUrl":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/03\/logo_routecloud_horz_2x_b.png","width":400,"height":80,"caption":"Routecloud Indonesia"},"image":{"@id":"https:\/\/www.routecloud.net\/blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.routecloud.net\/blog\/#website","url":"https:\/\/www.routecloud.net\/blog\/","name":"Routecloud Indonesia - Blog","description":"Share Your Knowledge","publisher":{"@id":"https:\/\/www.routecloud.net\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.routecloud.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png","contentUrl":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png","width":1032,"height":350},{"@type":"WebPage","@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage","url":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/","name":"[Juniper SRX] Implementasi Site-to-Site VPN - Routecloud Indonesia - Blog","isPartOf":{"@id":"https:\/\/www.routecloud.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage"},"datePublished":"2017-02-04T08:20:41+00:00","dateModified":"2017-02-04T08:21:24+00:00","breadcrumb":{"@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.routecloud.net\/blog\/"},{"@type":"ListItem","position":2,"name":"[Juniper SRX] Implementasi Site-to-Site VPN"}]},{"@type":"Article","@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#article","isPartOf":{"@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage"},"author":{"@id":"https:\/\/www.routecloud.net\/blog\/#\/schema\/person\/bababa304857e6ec9533ffe7b108ec8c"},"headline":"[Juniper SRX] Implementasi Site-to-Site VPN","datePublished":"2017-02-04T08:20:41+00:00","dateModified":"2017-02-04T08:21:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#webpage"},"wordCount":289,"commentCount":2,"publisher":{"@id":"https:\/\/www.routecloud.net\/blog\/#organization"},"image":{"@id":"https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#primaryimage"},"thumbnailUrl":"https:\/\/www.routecloud.net\/blog\/wp-content\/uploads\/2017\/02\/site-to-site-vpn-topology.png","keywords":["ipsec","srx","vpn"],"articleSection":["Juniper","Network and Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.routecloud.net\/blog\/juniper-srx-implementasi-site-site-vpn\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.routecloud.net\/blog\/#\/schema\/person\/bababa304857e6ec9533ffe7b108ec8c","name":"arisyi","image":{"@type":"ImageObject","@id":"https:\/\/www.routecloud.net\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/ad901c240e8ac1273cd2e05801a73235?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ad901c240e8ac1273cd2e05801a73235?s=96&d=mm&r=g","caption":"arisyi"},"sameAs":["http:\/\/arisyi.net"],"url":"https:\/\/www.routecloud.net\/blog\/author\/arisyi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/posts\/1071"}],"collection":[{"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/comments?post=1071"}],"version-history":[{"count":3,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/posts\/1071\/revisions"}],"predecessor-version":[{"id":1081,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/posts\/1071\/revisions\/1081"}],"wp:attachment":[{"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/media?parent=1071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/categories?post=1071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.routecloud.net\/blog\/wp-json\/wp\/v2\/tags?post=1071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}