Amazon's provided VPN configuration files for JunOS make a few assumptions:
- your zones are named trust and untrust
- a default BGP route of 0.0.0.0/0 is sufficient to get traffic to your branch network
A new trust rule is needed to permit traffic to and from the trusted
zone.
```
set security policies from-zone trusted to-zone trusted policy ec2-vpn-policy match source-address any
set security policies from-zone trusted to-zone trusted policy ec2-vpn-policy match destination-address any
set security policies from-zone trusted to-zone trusted policy ec2-vpn-policy match application any
set security policies from-zone trusted to-zone trusted policy ec2-vpn-policy then permit
```
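Because the Amazon-generated file hard-codes the zone names trust and untrust, the practical first step is to rewrite those names to match your own zones before loading the file, and then to review what the resulting policy set actually permits. The script below is an added example, not part of the original post and not Amazon's or Juniper's tooling. It renames zones as whole tokens (so `trust` is never touched inside `untrust` or `trusted`), emits the intra-zone permit policy shown above for an arbitrary zone name, and flags any policy whose terms are source any, destination any, application any, then permit, which is the kind of rule a reviewer wants to see called out explicitly. The sample configuration lines are constructed for illustration; the interface names and the `vpn-out` policy are assumptions, not from the page.

```python
import re

# Constructed sample in the style of the AWS-generated JunOS "set" file, which
# assumes zones named "trust" and "untrust". Interface names and the vpn-out
# policy are invented for this example.
SAMPLE_AWS_CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces st0.1
set security policies from-zone trust to-zone untrust policy vpn-out match source-address any
set security policies from-zone trust to-zone untrust policy vpn-out match destination-address any
set security policies from-zone trust to-zone untrust policy vpn-out match application junos-https
set security policies from-zone trust to-zone untrust policy vpn-out then permit
"""

# Zone names only appear after these keywords; matching on the keyword plus a
# word boundary keeps "trust" from being rewritten inside "untrust" or "trusted".
ZONE_REF_RE = re.compile(r"\b(from-zone|to-zone|security-zone)\s+(trust|untrust)\b")

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.*)$"
)

# A policy is "broad" when every one of these terms is present.
BROAD_TERMS = {
    "match source-address any",
    "match destination-address any",
    "match application any",
    "then permit",
}


def rename_zones(config, trust_name, untrust_name):
    """Rewrite Amazon's assumed zone names to the zone names actually in use."""
    mapping = {"trust": trust_name, "untrust": untrust_name}
    return ZONE_REF_RE.sub(
        lambda m: f"{m.group(1)} {mapping[m.group(2)]}", config
    )


def intra_zone_permit_policy(zone, policy_name="ec2-vpn-policy"):
    """Generate the intra-zone permit policy from the post for a given zone name."""
    prefix = f"set security policies from-zone {zone} to-zone {zone} policy {policy_name}"
    return [
        f"{prefix} match source-address any",
        f"{prefix} match destination-address any",
        f"{prefix} match application any",
        f"{prefix} then permit",
    ]


def find_permit_any_policies(config):
    """Return (from_zone, to_zone, policy) for every any/any/any permit policy."""
    terms_by_policy = {}
    for line in config.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        key = (m.group(1), m.group(2), m.group(3))
        terms_by_policy.setdefault(key, set()).add(m.group(4).strip())
    return [key for key, terms in terms_by_policy.items() if BROAD_TERMS <= terms]


if __name__ == "__main__":
    adapted = rename_zones(SAMPLE_AWS_CONFIG, "trusted", "untrusted")
    full = "\n".join(intra_zone_permit_policy("trusted")) + "\n" + adapted
    print(full)
    for from_zone, to_zone, name in find_permit_any_policies(full):
        print(f"review: {name} ({from_zone} -> {to_zone}) permits any/any/any")
```

Running the script prints the adapted configuration followed by a review line for `ec2-vpn-policy`, while `vpn-out` is not flagged because it restricts the application. The renaming step is safe to run twice: once a zone is called `trusted`, the word-boundary check means it is not matched again.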