Juniper NFX250 - Page 197

Juniper NFX250
230 pages
Table 24: IKE, IPSec SAs, and Security Zones Configuration (continued)

| Feature | Name | Configuration Parameters |
|---|---|---|
| policies | default-policy | permit-all |
| zones | security-zone | trust host-inbound-traffic system-services all |
| | | trust host-inbound-traffic protocols all |
| | | trust interfaces ge-0/0/0.0 |
| | | untrust host-inbound-traffic system-services all |
| | | untrust host-inbound-traffic protocols all |
| | | untrust interfaces ge-0/0/1.0 |
| interfaces | ge-0/0/0 | unit 0 vlan-id 100 |
| | | unit 0 family inet address 3.3.3.2/24 |
| | | unit 0 family inet6 address 3000::1/64 |
| | | vlan-tagging |
| | ge-0/0/1 | unit 0 vlan-id 4088 |
| | | unit 0 family inet address 51.0.1.1/24 |
| | | unit 0 family inet6 address 5000::1/64 |
| | | vlan-tagging |
| Routing options | routing-options | static route 2.2.2.0/24 next-hop 21.1.1.2 |
Configuration

CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text
file, remove any line breaks, change any details necessary to match your network
configuration, copy and paste the commands into the CLI at the [edit] hierarchy level,
and then enter commit from configuration mode.
set security ike traceoptions file kmd
set security ike traceoptions file size 10m
set security ike traceoptions flag all
set security ike traceoptions level 15
set security ike proposal IKE_PROP authentication-method pre-shared-keys
set security ike proposal IKE_PROP dh-group group14
set security ike proposal IKE_PROP authentication-algorithm sha-256
set security ike proposal IKE_PROP encryption-algorithm aes-256-cbc
set security ike proposal IKE_PROP lifetime-seconds 3600
set security ike policy IKE_POL mode aggressive
set security ike policy IKE_POL proposals IKE_PROP
set security ike policy IKE_POL pre-shared-key ascii-text <enter psk>
set security ike gateway GW1 ike-policy IKE_POL
set security ike gateway GW1 address 2.2.2.2
set security ike gateway GW1 local-identity user-at-hostname "r0r2_store1@juniper.net"
set security ike gateway GW1 external-interface ge-0/0/0
set security ike gateway GW1 local-address 3.3.3.2
set security ike gateway GW1 version v1-only
set security ipsec traceoptions flag all
set security ipsec proposal IPSEC_PROP protocol esp
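
A review check for the commands above, as an added example that is not part of the Juniper manual: it scans set lines for settings worth confirming before the example is reused in production, namely traceoptions flag all left enabled, an IKEv1-only gateway, and IKEv1 aggressive mode paired with pre-shared keys (which exposes a PSK-derived hash to offline guessing). The rule set, the WEAK table and the function name review are assumptions of this example; the sample input is a subset of the page's own commands.

```python
import shlex

# Subset of the set commands shown on this page, used as sample input.
PAGE_CONFIG = """\
set security ike traceoptions flag all
set security ike proposal IKE_PROP authentication-method pre-shared-keys
set security ike proposal IKE_PROP dh-group group14
set security ike proposal IKE_PROP authentication-algorithm sha-256
set security ike proposal IKE_PROP encryption-algorithm aes-256-cbc
set security ike policy IKE_POL mode aggressive
set security ike policy IKE_POL proposals IKE_PROP
set security ike gateway GW1 ike-policy IKE_POL
set security ike gateway GW1 version v1-only
set security ipsec traceoptions flag all
"""

# Assumed review rules (this example's choice, not a Juniper-published list).
WEAK = {"dh-group": {"group1", "group2", "group5"},
        "authentication-algorithm": {"md5", "sha1"},
        "encryption-algorithm": {"des-cbc", "3des-cbc"}}

def review(config):
    """Return sorted (object, finding) pairs for a block of 'set security' lines."""
    proposals, policies, findings = {}, {}, set()
    for line in config.splitlines():
        tok = shlex.split(line)  # keeps quoted values such as identities intact
        if len(tok) < 6 or tok[:2] != ["set", "security"]:
            continue
        proto, kind, name, key = tok[2:6]
        value = tok[6] if len(tok) > 6 else None
        if kind == "traceoptions" and (name, key) == ("flag", "all"):
            findings.add((proto, "traceoptions flag all"))
        elif (proto, kind) == ("ike", "proposal"):
            proposals.setdefault(name, {})[key] = value
            if value in WEAK.get(key, ()):
                findings.add((name, f"weak {key} {value}"))
        elif (proto, kind) == ("ike", "policy"):
            policies.setdefault(name, {}).setdefault(key, []).append(value)
        elif (proto, kind, key, value) == ("ike", "gateway", "version", "v1-only"):
            findings.add((name, "IKEv1 only"))
    # Cross-reference: aggressive mode matters most when a proposal uses a PSK.
    for name, pol in policies.items():
        psk = any(proposals.get(p, {}).get("authentication-method") == "pre-shared-keys"
                  for p in pol.get("proposals", []))
        if "aggressive" in pol.get("mode", []) and psk:
            findings.add((name, "aggressive mode with pre-shared keys"))
    return sorted(findings)

if __name__ == "__main__":
    for obj, msg in review(PAGE_CONFIG):
        print(f"{obj}: {msg}")
```
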
179 Copyright © 2017, Juniper Networks, Inc.
Chapter 8: Understanding IPSec-NM
