Mar 20 2015

Mikrotik IPSec VPNs with multiple destination Networks/Policies and SA(s) management.

While configuring Multiple Networks VPNs (Multiple policy and destination SubNets reached via the same remote IPSec VPN Peer) between Mikrotik and other Firewalls, traffic would randomly stop for certain destinations.

Packet forwarding and encryption only works for one destination (the first matched IPSec Policy) and any other destination (and only the first matched one) will be reachable by performing a ‘SA Flush’.

Continue reading

Feb 26 2012

Juniper SRX: Customize “Default-Deny” policy to allow Dropped Sessions Logging.

In JunOS traffic which doesn’t match an explicitly defined security policy matches against the default-deny policy.

Administrators who would track (LOG) denied sessions, will simply choose to create their own deny policies with the desired options and place this deny policy as the last policy for traffic going from one zone to another.
While working with instances where many zones have been configured, it might be very time-consuming to manually configure this to accommodate all zones.
Continue reading