# example vpnc configuration file for Juniper SRX
# see vpnc --long-help for details
# This file will help you better understand how to get connected with an SRX

# You'll need to know a few things about your SRX configuration (or have an administrator help you out:

# Is the SRX dynamic VPN in shared-ike-id mode? If so, awesome! If not, you need it to be in shared-ike-id mode to use VPNC. If your administrator is super nice, they can usually change it without adverse effects to other Pulse clients.

# Is IKE Phase 1 using a "standard" proposal set? If not, what diffie hellman group is it using?
# You (or an administrator) can check this by:
# show security ike policy <your-vpn-policy>

# Is perfect forward secrecy enabled? If so, what diffie hellman group is it using?
# Check this by:
# show security ipsec policy <your-vpn-ipsec-policy> perfect-forward-secrecy
# Usually group2 is what most people use

# Is IKE phase 1 in aggressive mode? It should be for VPNC to work.
# Check via:
# show security ike policy <your-vpn-policy> mode

# Is IKE Phase 1 using a pre-shared key? You'll need it! If not, you won't be able to use VPNC
# You can view the hash via:
# show security ike policy <your-vpn-policy> pre-shared-key ascii-text

# What's the hostname for IKE Gateway?
#show security ike gateway <vpn-gateway-name> dynamic hostname

# Now, below is a skeleton of a vpnc config for a Juniper SRX

Vendor juniper

#This determines the name of the VPN device that vpnc creates
Interface name tun0 

#This corresponds to the diffie hellman group used for IKE Phase 1
#If you're using the "standard" proposal set this will be dh2
#Otherwise, follow the directions above
IKE DH Group dh2

#This is the diffie hellman group used for perfect forward secrecy
Perfect Forward Secrecy dh2

#This is the path to the default vpnc-script
#You may replace this script with something better
Script /etc/vpnc/vpnc-script

#The IP address or hostname of your Juniper SRX device
IPSec gateway my.gateway.com

#This corresponds to the IKE Gateway dynamic hostname
#Refer to the instructions above
IPSec ID myhostname

#This is the IPSEC pre-shared-key
IPSec secret lafamigliamjaac

#This is your username
Xauth username myuser
#This is your password
Xauth password mypassword
#This tells VPNC to use a pre-shared-key
IKE Authmode psk