EasyManua.ls Logo

GE MDS ORBIT ECR - Page 443

GE MDS ORBIT ECR
463 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 443
# Config for ORBIT135
# IPsec tunnel interface
set interfaces st0 unit 0 family inet address 10.11.11.1/30
# GRE tunnel interface
set interfaces gr-0/0/0 unit 0 tunnel source 172.16.1.1
set interfaces gr-0/0/0 unit 0 tunnel destination 172.16.1.2
set interfaces gr-0/0/0 unit 0 family inet mtu 1250
set interfaces gr-0/0/0 unit 0 family inet address 10.1.1.1/30
# Rate limiting applied to GRE tunnel interface (optional)
set class-of-service interfaces gr-0/0/0 unit 0 shaping-rate 1m
# IKE
set security ike gateway ORBIT135 ike-policy IKE-POLICY-PSK
set security ike gateway ORBIT135 address 172.18.175.135
set security ike gateway ORBIT135 local-identity inet 172.18.175.40
set security ike gateway ORBIT135 external-interface ge-0/0/0
set security ike gateway ORBIT135 version v2-only
# IPsec
set security ipsec vpn ORBIT135 bind-interface st0.0
set security ipsec vpn ORBIT135 ike gateway ORBIT135
set security ipsec vpn ORBIT135 ike ipsec-policy IPSEC-POLICY
# IPsec policies
set security policies from-zone TRUST to-zone VPN-ORBIT135 policy ORBIT135 match source-address
LOCAL-NET-1
set security policies from-zone TRUST to-zone VPN-ORBIT135 policy ORBIT135 match destination-address
ORBIT135-NET-1
set security policies from-zone TRUST to-zone VPN-ORBIT135 policy ORBIT135 match application any
set security policies from-zone TRUST to-zone VPN-ORBIT135 policy ORBIT135 then permit
set security policies from-zone VPN-ORBIT135 to-zone TRUST policy ORBIT135 match source-address
ORBIT135-NET-1
set security policies from-zone VPN-ORBIT135 to-zone TRUST policy ORBIT135 match destination-address
LOCAL-NET-1
set security policies from-zone VPN-ORBIT135 to-zone TRUST policy ORBIT135 match application any
set security policies from-zone VPN-ORBIT135 to-zone TRUST policy ORBIT135 then permit
set security zones security-zone VPN-ORBIT135 address-book address ORBIT135-NET-1 176.16.1.2/32
set security zones security-zone VPN-ORBIT135 interfaces st0.0

Table of Contents

Related product manuals