root@ipsec-nm# set security ike proposal IKE_PROP authentication-algorithm sha-256
root@ipsec-nm# set security ike proposal IKE_PROP encryption-algorithm aes-256-cbc
root@ipsec-nm# set security ike proposal IKE_PROP lifetime-seconds 3600
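4. Configure an IKE policy. Note that IKEv1 aggressive mode with a pre-shared key sends the peer identities and a hash derived from the key unencrypted, so the key entered below should be long and randomly generated.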
[edit security ike]
root@ipsec-nm# set security ike policy IKE_POL mode aggressive
root@ipsec-nm# set security ike policy IKE_POL proposals IKE_PROP
root@ipsec-nm# set security ike policy IKE_POL pre-shared-key ascii-text <enter psk>
5. Configure an IKE gateway.
[edit security ike]
root@ipsec-nm# set security ike gateway GW1 ike-policy IKE_POL
root@ipsec-nm# set security ike gateway GW1 address 2.2.2.2
root@ipsec-nm# set security ike gateway GW1 local-identity user-at-hostname "r0r2_store1@juniper.net"
root@ipsec-nm# set security ike gateway GW1 external-interface ge-0/0/0
root@ipsec-nm# set security ike gateway GW1 local-address 3.3.3.2
root@ipsec-nm# set security ike gateway GW1 version v1-only
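6. Configure IPSec traceoptions. The `flag all` setting enables every IPSec trace flag and is meant for troubleshooting; remove or narrow it once the tunnel has been verified.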
[edit security ipsec]
root@ipsec-nm# set security ipsec traceoptions flag all
7. Configure an IPSec proposal.
[edit security ipsec]
root@ipsec-nm# set security ipsec proposal IPSEC_PROP protocol esp
root@ipsec-nm# set security ipsec proposal IPSEC_PROP authentication-algorithm hmac-sha-256-128
root@ipsec-nm# set security ipsec proposal IPSEC_PROP encryption-algorithm aes-256-cbc
root@ipsec-nm# set security ipsec proposal IPSEC_PROP lifetime-seconds 2600
8. Configure an IPSec policy.
[edit security ipsec]
root@ipsec-nm# set security ipsec policy IPSEC_POL perfect-forward-secrecy keys group14
root@ipsec-nm# set security ipsec policy IPSEC_POL proposals IPSEC_PROP
9. Configure the IPSec VPN.
[edit security ipsec]
root@ipsec-nm# set security ipsec vpn VPN1 ike gateway GW1
root@ipsec-nm# set security ipsec vpn VPN1 ike ipsec-policy IPSEC_POL
root@ipsec-nm# set security ipsec vpn VPN1 traffic-selector VPN1_TS1 local-ip 51.0.1.0/24