Juniper NFX250 - Page 198

To Next Page

To Previous Page

set security ipsec proposal IPSEC_PROP authentication-algorithm hmac-sha-256-128

set security ipsec proposal IPSEC_PROP encryption-algorithm aes-256-cbc

set security ipsec proposal IPSEC_PROP lifetime-seconds 2600

set security ipsec policy IPSEC_POL perfect-forward-secrecy keys group14

set security ipsec policy IPSEC_POL proposals IPSEC_PROP

set security ipsec vpn VPN1 ike gateway GW1

set security ipsec vpn VPN1 ike ipsec-policy IPSEC_POL

set security ipsec vpn VPN1 traffic-selector VPN1_TS1 local-ip 51.0.1.0/24

set security ipsec vpn VPN1 traffic-selector VPN1_TS1 remote-ip 41.0.1.0/24

set security ipsec vpn VPN1 establish-tunnels immediately

set security flow tcp-mss all-tcp mss 1300

set security policies default-policy permit-all

set security zones security-zone trust host-inbound-traffic system-services all

set security zones security-zone trust host-inbound-traffic protocols all

set security zones security-zone trust interfaces ge-0/0/0.0

set security zones security-zone untrust host-inbound-traffic system-services all

set security zones security-zone untrust host-inbound-traffic protocols all

set security zones security-zone untrust interfaces ge-0/0/1.0

set interfaces ge-0/0/0 unit 0 vlan-id 100

set interfaces ge-0/0/0 unit 0 family inet address 3.3.3.2/24

set interfaces ge-0/0/0 unit 0 family inet6 address 3000::1/64

set interfaces ge-0/0/0 vlan-tagging

set interfaces ge-0/0/1 unit 0 vlan-id 4088

set interfaces ge-0/0/1 unit 0 family inet address 51.0.1.1/24

set interfaces ge-0/0/1 unit 0 family inet6 address 5000::1/64

set interfaces ge-0/0/1 vlan-tagging

set routing-options static route 2.2.2.0/24 next-hop 21.1.1.2

Step-by-Step

Procedure

The following example requires you to navigate various levels in the configuration

hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration

Mode in the Junos OS CLI User Guide.

To configure IKE, IPSec SAs, and security zones:

1. Log in to an IPSec-NM device and enter configuration mode.

[edit]

root@ipsec-nm> configure

root@ipsec-nm#

2. Configure IKE traceoptions:

[edit security ike]

root@ipsec-nm# set security ike traceoptions file kmd

root@ipsec-nm# set security ike traceoptions file size 10m

root@ipsec-nm# set security ike traceoptions flag all

root@ipsec-nm# set security ike traceoptions level 15

3. Configure an IKE proposal:

[edit security ike]

root@ipsec-nm# set security ike proposal IKE_PROP authentication-method

pre-shared-keys

root@ipsec-nm# set security ike proposal IKE_PROP dh-group group14

JDM User Guide for NFX250 Network Services Platform

Main Page

Juniper NFX250 - Page 198

Table of Contents

Other manuals for Juniper NFX250

Related product manuals