VPN Mode Configuration Commands
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Command example:
SRX5308> vpn ipsec mode_config configure EMEA Sales
vpn-config[modeConfig]> first_pool_start_ip 172.16.100.1
vpn-config[modeConfig]> first_pool_end_ip 172.16.100.99
vpn-config[modeConfig]> second_pool_start_ip 172.16.200.1
vpn-config[modeConfig]> second_pool_end_ip 172.16.200.99
vpn-config[modeConfig]> dns_server_primary_ip 192.168.1.1
vpn-config[modeConfig]> pfs_key_group Y
vpn-config[modeConfig]> dh_group Group2_1024_bit
vpn-config[modeConfig]> sa_lifetime_type Seconds
vpn-config[modeConfig]> sa_lifetime 3600
vpn-config[modeConfig]> encryption_algorithm 3DES
vpn-config[modeConfig]> integrity_algorithm SHA-1
vpn-config[modeConfig]> local_ip 192.168.1.0
vpn-config[modeConfig]> local_subnet_mask 255.255.255.0
vpn-config[modeConfig]> save
| Keyword | Associated Keyword to Select or Parameter to Type | Description |
|---|---|---|
| sa_lifetime_type | Seconds or KBytes | Specifies whether the sa_lifetime keyword is set in seconds or KBytes. |
| sa_lifetime | seconds or number | Depending on the setting of the sa_lifetime_type keyword, the SA lifetime in seconds or in KBytes. |
| encryption_algorithm | None, DES, 3DES, AES-128, AES-192, or AES-256 | Specifies the encryption algorithm, if any, to negotiate the security association (SA): • None. • DES. Data Encryption Standard (DES). • 3DES. Triple DES. • AES-128. Advanced Encryption Standard (AES) with a 128-bit key size. • AES-192. AES with a 192-bit key size. • AES-256. AES with a 256-bit key size. |
| integrity_algorithm | MD5 or SHA-1 | Specifies the authentication (integrity) algorithm to negotiate the security association (SA): • SHA-1. Hash algorithm that produces a 160-bit digest. • MD5. Hash algorithm that produces a 128-bit digest. |
| local_ip | ipaddress | The local IPv4 address to which remote VPN clients have access. If you do not specify a local IP address, the wireless VPN firewall’s default LAN IP address is used. |
| local_subnet_mask | subnet mask | The local subnet mask. |
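The following is an added example, not part of the NETGEAR manual: a small Python check that parses a Mode Config CLI transcript like the command example above and reports which of the selected values are weak choices among the options this page lists. The function names are hypothetical, the transcript is a constructed copy of the page's example, and the weakness rulings are assumptions drawn from general cryptographic guidance rather than from the manual.

```python
import re

# Constructed sample: the crypto-related lines of the command example on this page.
SAMPLE = """\
SRX5308> vpn ipsec mode_config configure EMEA Sales
vpn-config[modeConfig]> pfs_key_group Y
vpn-config[modeConfig]> dh_group Group2_1024_bit
vpn-config[modeConfig]> sa_lifetime_type Seconds
vpn-config[modeConfig]> sa_lifetime 3600
vpn-config[modeConfig]> encryption_algorithm 3DES
vpn-config[modeConfig]> integrity_algorithm SHA-1
vpn-config[modeConfig]> save
"""

# Assumption: rulings follow general crypto guidance; only values shown on this page are used.
WEAK = {
    "encryption_algorithm": {
        "None": "traffic in the SA is not encrypted",
        "DES": "56-bit key, brute-forceable",
        "3DES": "64-bit block cipher, deprecated; AES-256 is available",
    },
    "integrity_algorithm": {"MD5": "MD5 is deprecated; SHA-1 is the other listed option"},
    "dh_group": {"Group2_1024_bit": "1024-bit DH group is below current minimums"},
}

PROMPT = re.compile(r"^\S+>\s*(.*)$")  # e.g. "vpn-config[modeConfig]> keyword value"

def parse_transcript(text):
    """Return {keyword: value}; accepts prompt-prefixed lines or bare command lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        cmd = (m.group(1) if m else line).strip()
        # Skip empty prompts, the save command, and the command that enters the mode.
        if not cmd or cmd == "save" or cmd.startswith("vpn "):
            continue
        keyword, _, value = cmd.partition(" ")
        settings[keyword] = value.strip()
    return settings

def audit(settings):
    """Return (keyword, value, reason) for each setting whose value is a weak choice."""
    return [(k, settings[k], bad[settings[k]])
            for k, bad in WEAK.items() if settings.get(k) in bad]

if __name__ == "__main__":
    for keyword, value, reason in audit(parse_transcript(SAMPLE)):
        print(f"{keyword} {value}: {reason}")
```
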