file size 10m;
flag all;
level 15;
}
/* IKE (phase 1) proposal: the algorithms this device offers when negotiating the IKE SA. */
proposal IKE_PROP {
/* Peers authenticate with a shared secret; the secret itself is set in the IKE policy that references this proposal. */
authentication-method pre-shared-keys;
/* Diffie-Hellman group 14 is the 2048-bit MODP group. */
dh-group group14;
authentication-algorithm sha-256;
encryption-algorithm aes-256-cbc;
/* The IKE SA is renegotiated after 3600 seconds (one hour). */
lifetime-seconds 3600;
}
/* IKE policy: binds the IKE_PROP proposal to the exchange mode and the pre-shared key. */
policy IKE_POL {
/*
 * IKEv1 aggressive mode sends the peer identities unencrypted, and the
 * responder returns a hash derived from the pre-shared key before the
 * initiator is authenticated. A captured exchange therefore allows offline
 * guessing of a weak key. Use a long, randomly generated key, and prefer
 * main mode or IKEv2 wherever the deployment allows it.
 */
mode aggressive;
proposals IKE_PROP;
/* Placeholder: supply the real key at configuration time and keep it out of documents, tickets and shared captures. */
pre-shared-key ascii-text <enter psk>;
}
/* IKE gateway: the remote peer and the local parameters used to reach it. */
gateway GW1 {
ike-policy IKE_POL;
/* Address of the remote IKE peer. */
address 2.2.2.2;
/* IKE identity presented to the peer. IKE_POL uses aggressive mode, so this value crosses the network unencrypted; treat it as visible to anyone on the path. */
local-identity user-at-hostname "r0r2_store1@juniper.net";
external-interface ge-0/0/0;
local-address 3.3.3.2;
/* Restricts negotiation to IKEv1. IKEv2 has no aggressive mode, so moving to it also removes the aggressive-mode exposure of the pre-shared key. */
version v1-only;
}
[edit]
root@ipsec-nm# show security ipsec
/*
 * Enables every IPsec trace flag. This is a troubleshooting setting: the
 * output is verbose and may record negotiation details such as peer
 * addresses and identities (NOTE(review): confirm what the trace files hold
 * and who can read them). Consider removing it once the tunnel is verified.
 */
traceoptions {
flag all;
}
/* IPsec (phase 2) proposal: the algorithms that protect the data traffic. */
proposal IPSEC_PROP {
/* ESP provides both encryption and integrity for tunnelled packets. */
protocol esp;
/* HMAC-SHA-256 with the tag truncated to 128 bits. */
authentication-algorithm hmac-sha-256-128;
encryption-algorithm aes-256-cbc;
/* IPsec SA lifetime in seconds; shorter than the 3600-second IKE SA lifetime set in IKE_PROP. */
lifetime-seconds 2600;
}
/* IPsec policy: selects the phase 2 proposal and enables PFS. */
policy IPSEC_POL {
/* Perfect forward secrecy: each IPsec SA negotiation runs a fresh Diffie-Hellman exchange (group 14, 2048-bit MODP), so compromise of one set of keys does not expose traffic protected by earlier or later SAs. */
perfect-forward-secrecy keys group14;
proposals IPSEC_PROP;
}
/* VPN definition: ties gateway GW1 and policy IPSEC_POL to the traffic the tunnel carries. */
vpn VPN1 {
ike gateway GW1;
ike ipsec-policy IPSEC_POL;
/* Only traffic between these two prefixes is negotiated for this tunnel; keep the selector as narrow as the application needs. */
traffic-selector VPN1_TS1 {
local-ip 51.0.1.0/24;
remote-ip 41.0.1.0/24;
}
/* Negotiate the tunnel as soon as the configuration is committed, instead of waiting for matching traffic. */
establish-tunnels immediately;
}
[edit]
root@ipsec-nm# show security flow
/* Clamps the TCP maximum segment size to 1300 bytes. "all-tcp" applies it to every TCP session through the device, not only tunnelled ones. Presumably set to leave room for ESP overhead and avoid fragmentation. */
tcp-mss {
all-tcp mss 1300;
}
[edit]
root@ipsec-nm# show security policies
default-policy {