EasyManua.ls Logo

GE MDS ORBIT ECR - Page 442

GE MDS ORBIT ECR
463 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
442 MDS Orbit MCR/ECR Technical Manual MDS 05-6632A01, Rev. F
set interfaces lo0 unit 0 family inet address 172.16.1.1/32
# Qos Traffic shaping (optional)
set interfaces gr-0/0/0 per-unit-scheduler
set chassis fpc 0 pic 0 tunnel-queuing
# Common routing
set routing-options static route 0.0.0.0/0 next-hop 172.18.175.62
# Common IKE
set security ike proposal IKE-PROP-PSK authentication-method pre-shared-keys
set security ike proposal IKE-PROP-PSK dh-group group14
set security ike proposal IKE-PROP-PSK authentication-algorithm sha-256
set security ike proposal IKE-PROP-PSK encryption-algorithm aes-128-cbc
set security ike policy IKE-POLICY-PSK proposals IKE-PROP-PSK
set security ike policy IKE-POLICY-PSK pre-shared-key ascii-text test123
# Common IPsec
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-128-cbc
set security ipsec policy IPSEC-POLICY perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POLICY proposals IPSEC-PROP
# Common Policies
set security policies from-zone TRUST to-zone TRUST policy TTT match source-address any
set security policies from-zone TRUST to-zone TRUST policy TTT match destination-address any
set security policies from-zone TRUST to-zone TRUST policy TTT match application any
set security policies from-zone TRUST to-zone TRUST policy TTT then permit
# Common zones
set security zones security-zone TRUST address-book address LOCAL-NET-1 172.16.1.1/32
set security zones security-zone TRUST host-inbound-traffic system-services all
set security zones security-zone TRUST interfaces vlan.0
set security zones security-zone TRUST interfaces vlan.1
set security zones security-zone TRUST interfaces lo0.0
set security zones security-zone UNTRUST host-inbound-traffic system-services ike
set security zones security-zone UNTRUST host-inbound-traffic system-services ping
set security zones security-zone UNTRUST host-inbound-traffic system-services ntp
set security zones security-zone UNTRUST interfaces ge-0/0/0.0

Table of Contents

Related product manuals