To configure IPSec VPN, complete the following steps:
1. Define an IKE-keyed IPSec VPN:
root@ipsec-nm# set security ipsec vpn vpn-name ike gateway remote-gateway-name
2. Define an IPSec policy for the IPSec VPN:
root@ipsec-nm# set security ipsec vpn vpn-name ike ipsec-policy ipsec-policy-name
3. Define a local traffic selector for the IPSec VPN:
root@ipsec-nm# set security ipsec vpn vpn-name traffic-selector traffic-selector-name local-ip local-traffic-selector-ip-address
4. Define a remote traffic selector for the IPSec VPN:
root@ipsec-nm# set security ipsec vpn vpn-name traffic-selector traffic-selector-name remote-ip remote-traffic-selector-ip-address
5. Define the criterion for establishing IPSec VPN tunnels:
root@ipsec-nm# set security ipsec vpn vpn-name establish-tunnels immediately
6. Configure the default action to permit all traffic that does not match a user-defined policy:
root@ipsec-nm# set security policies default-policy permit-all
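The following check is an added example, not part of the Juniper documentation: it reads set-format statements like those in steps 1 through 6 and reports, per VPN, which statements are missing and whether the default policy is permit-all. The VPN, gateway, policy and selector names and the addresses in the sample are constructed.

```python
import re

# Constructed sample (made-up names and addresses): vpn1 is complete, vpn2 is not.
SAMPLE = """\
root@ipsec-nm# set security ipsec vpn vpn1 ike gateway gw1
root@ipsec-nm# set security ipsec vpn vpn1 ike ipsec-policy pol1
root@ipsec-nm# set security ipsec vpn vpn1 traffic-selector ts1 local-ip 10.1.1.0/24
root@ipsec-nm# set security ipsec vpn vpn1 traffic-selector ts1 remote-ip 10.2.2.0/24
root@ipsec-nm# set security ipsec vpn vpn1 establish-tunnels immediately
root@ipsec-nm# set security ipsec vpn vpn2 ike gateway gw2
root@ipsec-nm# set security ipsec vpn vpn2 traffic-selector ts2 local-ip 10.3.3.0/24
root@ipsec-nm# set security policies default-policy permit-all
"""

VPN_RE = re.compile(r"set security ipsec vpn (\S+) (.+)$")
PERMIT_ALL = "set security policies default-policy permit-all"

def audit(config_text):
    """Return findings for the IPSec VPN statements in a set-format config."""
    vpns, findings = {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse runs of whitespace
        if line.endswith(PERMIT_ALL):         # step 6; a CLI prompt prefix is tolerated
            findings.append("default-policy permit-all: unmatched traffic is permitted")
        m = VPN_RE.search(line)
        if not m:
            continue
        vpn = vpns.setdefault(m.group(1), {"selectors": {}})
        w = m.group(2).split()
        if w[0] == "ike" and len(w) == 3 and w[1] in ("gateway", "ipsec-policy"):
            vpn[w[1]] = w[2]                                      # steps 1 and 2
        elif w[0] == "traffic-selector" and len(w) == 4 and w[2] in ("local-ip", "remote-ip"):
            vpn["selectors"].setdefault(w[1], {})[w[2]] = w[3]    # steps 3 and 4
        elif w == ["establish-tunnels", "immediately"]:
            vpn["establish-tunnels"] = w[1]                       # step 5
    for name, vpn in sorted(vpns.items()):
        for key, step in (("gateway", 1), ("ipsec-policy", 2), ("establish-tunnels", 5)):
            if key not in vpn:
                findings.append(f"{name}: no {key} statement (step {step})")
        if not vpn["selectors"]:
            findings.append(f"{name}: no traffic selector (steps 3-4)")
        for ts, sides in sorted(vpn["selectors"].items()):
            findings += [f"{name}: traffic selector {ts} has no {s}"
                         for s in ("local-ip", "remote-ip") if s not in sides]
    return findings
```

The check works line by line, so a command that has been wrapped across two lines must be joined before it is passed to audit().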
Related Documentation
• IPsec VPN Overview
Example: Configuring IKE, IPSec, and Security Zones
The master administrator is responsible for assigning an interface to a user logical system
and configuring IKE, IPSec SAs, and security zones. This example shows how to assign
an interface to a user logical system and configure IKE, IPSec SAs, and security zone
parameters.
• Requirements
• Overview
• Configuration
• Verification
Requirements
Before you begin:
• Log in to the master logical system as the master administrator. See “Understanding the Master Logical System and the Master Administrator Role.”
Copyright © 2017, Juniper Networks, Inc.
Chapter 8: Understanding IPSec-NM