To configure IPSec-NM as an xauth client and configure an IKE gateway, complete the following
steps:
1. Configure the username of the xauth client:
root@ipsec-nm# set security ike gateway gateway-name xauth client username xauth-client-username
2. Configure the password of the xauth client:
root@ipsec-nm# set security ike gateway gateway-name xauth client password xauth-client-password
3. Configure an IKE gateway with an IKE policy:
root@ipsec-nm# set security ike gateway gateway-name ike-policy ike-policy-name
4. Configure an IKE gateway with an address or hostname of the peer:
root@ipsec-nm# set security ike gateway gateway-name address address-or-hostname-of-peer
5. Enable the dead peer detection (DPD) feature to send DPD messages periodically:
root@ipsec-nm# set security ike gateway gateway-name dead-peer-detection always-send
6. Enable the dead peer detection (DPD) feature to send DPD messages at a regular interval:
root@ipsec-nm# set security ike gateway gateway-name dead-peer-detection interval 10-to-60-seconds
7. Configure the maximum number of DPD retransmissions:
root@ipsec-nm# set security ike gateway gateway-name dead-peer-detection threshold 1-to-5
8. Configure an external interface for IKE negotiations:
root@ipsec-nm# set security ike gateway gateway-name external-interface ge-0/0/2
9. Configure the local IKE address:
root@ipsec-nm# set security ike gateway gateway-name local-address local-address
10. Configure the local IKE identity:
root@ipsec-nm# set security ike gateway gateway-name local-identity <inet | inet6 | key-id | hostname | user-at-hostname | distinguished-name>
11. Set the version of the IKE protocol:
root@ipsec-nm# set security ike gateway gateway-name version v1-only
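The following is an added example, not part of the Juniper guide: a small Python check that a set of gateway commands covers the steps above and keeps the DPD values inside the ranges given in steps 6 and 7. The gateway name gw1, the sample values and the function names are constructed for illustration.

```python
import re

# Statements the procedure configures for one gateway (steps 1-4, 8 and 11).
REQUIRED = ["xauth client username", "xauth client password", "ike-policy",
            "address", "external-interface", "version"]
# Numeric ranges exactly as given in steps 6 and 7.
RANGES = {"dead-peer-detection interval": (10, 60),
          "dead-peer-detection threshold": (1, 5)}

def parse_gateway(config_text, gateway):
    """Map each statement set for `gateway` to its value ('' for bare flags)."""
    prefix = f"set security ike gateway {gateway} "
    known = REQUIRED + list(RANGES) + ["dead-peer-detection always-send",
                                       "local-address", "local-identity"]
    stmts = {}
    for line in config_text.splitlines():
        line = re.sub(r"^\S+[#>]\s*", "", line.strip())  # drop a CLI prompt
        if not line.startswith(prefix):
            continue
        rest = line[len(prefix):]
        for key in sorted(known, key=len, reverse=True):  # longest match first
            if rest == key or rest.startswith(key + " "):
                stmts[key] = rest[len(key):].strip()
                break
    return stmts

def audit_gateway(config_text, gateway):
    """Return a list of findings; an empty list means every check passed."""
    stmts = parse_gateway(config_text, gateway)
    findings = [f"missing: {k}" for k in REQUIRED if not stmts.get(k)]
    for key, (lo, hi) in RANGES.items():
        value = stmts.get(key)
        if value is not None and not (value.isdigit() and lo <= int(value) <= hi):
            findings.append(f"{key} {value!r} outside {lo}-{hi}")
    if stmts.get("version") not in (None, "", "v1-only"):
        findings.append("version is not v1-only as set in step 11")
    return findings

# Constructed sample: the interval is out of range and step 11 is missing.
SAMPLE = """\
root@ipsec-nm# set security ike gateway gw1 xauth client username user1
root@ipsec-nm# set security ike gateway gw1 xauth client password EXAMPLE-PASSWORD
root@ipsec-nm# set security ike gateway gw1 ike-policy pol1
root@ipsec-nm# set security ike gateway gw1 address 192.0.2.1
root@ipsec-nm# set security ike gateway gw1 dead-peer-detection interval 90
root@ipsec-nm# set security ike gateway gw1 dead-peer-detection threshold 3
root@ipsec-nm# set security ike gateway gw1 external-interface ge-0/0/2
"""
if __name__ == "__main__":
    print("\n".join(audit_gateway(SAMPLE, "gw1")))
```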
Copyright © 2017, Juniper Networks, Inc.
JDM User Guide for NFX250 Network Services Platform