• Read the “Overview of IP Security” on page 169 and “Configuring IP Security Network Manager” on page 170 topics.
Overview
In this example you configure IKE, IPSec SAs, and security zones. This example configures
the parameters that are described in Table 24 on page 178.
Table 24: IKE, IPSec SAs, and Security Zones Configuration
| Feature | Name | Configuration Parameters |
|---|---|---|
| IKE traceoptions | ike traceoptions | file kmd |
| | | file size 10m |
| | | flag all |
| | | level 15 |
| IKE proposal | IKE_PROP | authentication-method pre-shared-keys |
| | | dh-group group14 |
| | | authentication-algorithm sha-256 |
| | | authentication-algorithm sha-256 |
| | | lifetime-seconds 3600 |
| IKE policy | IKE_POL | mode aggressive |
| | | proposals IKE_PROP |
| | | pre-shared-key ascii-text <enter psk> |
| IKE gateway | GW1 | ike-policy IKE_POL |
| | | address 2.2.2.2 |
| | | local-identity user-at-hostname "r0r2_store1@juniper.net" |
| | | external-interface ge-0/0/0 |
| | | local-address 3.3.3.2 |
| | | version v1-only |
| IPSec traceoptions | ipsec traceoptions | flag all |
| IPSec proposal | IPSEC_PROP | protocol esp |
| | | authentication-algorithm hmac-sha-256-128 |
| | | encryption-algorithm aes-256-cbc |
| | | lifetime-seconds 2600 |
| IPSec policy | IPSEC_POL | perfect-forward-secrecy keys group14 |
| | | proposals IPSEC_PROP |
| IPSec VPN | VPN1 | ike gateway GW1 |
| | | ike ipsec-policy IPSEC_POL |
| | | traffic-selector VPN1_TS1 local-ip 51.0.1.0/24 |
| | | traffic-selector VPN1_TS1 remote-ip 41.0.1.0/24 |
| | | establish-tunnels immediately |
| flow | tcp-mss | all-tcp mss 1300 |
Copyright © 2017, Juniper Networks, Inc.
JDM User Guide for NFX250 Network Services Platform