
Copyright © 2009, Juniper Networks, Inc.
APPLICATION NOTE - Quickstart Guide for Branch SRX Series Services Gateways
Configuration
To illustrate the simplicity of setting up IPsec tunnels, the command sequence is divided into four repeatable steps.
Readers should refer to standard Juniper Networks documentation to further understand the various IKE/IPsec
configuration options.
1. Create a secure tunnel interface.
set interfaces st0 unit 0 family inet
set security zones security-zone trust interfaces st0.0
2. Configure routing.
set routing-options static route 10.1.1.0/24 next-hop st0.0
3. Configure IKE Phase 1 parameters.
set security ike proposal P1-AES authentication-method pre-shared-keys
set security ike proposal P1-AES dh-group group2
set security ike proposal P1-AES authentication-algorithm sha1
set security ike proposal P1-AES encryption-algorithm aes-128-cbc
set security ike policy ike-policy-1 mode main
set security ike policy ike-policy-1 proposals P1-AES
set security ike policy ike-policy-1 pre-shared-key ascii-text juniper
set security ike gateway gw1 address 1.1.1.2
set security ike gateway gw1 external-interface fe-0/0/7.0
set security ike gateway gw1 ike-policy ike-policy-1
4. Configure IPsec Phase 2 parameters.
set security ipsec proposal P2-AES protocol esp
set security ipsec proposal P2-AES authentication-algorithm hmac-sha1-96
set security ipsec proposal P2-AES encryption-algorithm aes-128-cbc
set security ipsec policy ipsec-policy-1 proposals P2-AES
set security ipsec policy ipsec-policy-1 perfect-forward-secrecy keys group2
set security ipsec vpn vpn1 ike gateway gw1
set security ipsec vpn vpn1 ike ipsec-policy ipsec-policy-1
set security ipsec vpn vpn1 establish-tunnels immediately
set security ipsec vpn vpn1 bind-interface st0.0
5. In configuration mode, enter the “commit” command at the CLI prompt to activate the configuration.
commit
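The steps above depend on names that must match across commands (vpn1 to gw1 to ike-policy-1 to P1-AES, and st0.0 to its zone). The following offline check is an added example, not part of the Juniper application note: it finds dangling references and lists parameter values worth reviewing before production use. The function name, the sample's misspelled reference and the choice of values to flag (DH group 2, SHA-1, a literal pre-shared key) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the commands above, with the gateway's
# ike-policy reference deliberately misspelled ("-l" instead of "-1").
SAMPLE = """\
set security zones security-zone trust interfaces st0.0
set routing-options static route 10.1.1.0/24 next-hop st0.0
set security ike proposal P1-AES dh-group group2
set security ike proposal P1-AES authentication-algorithm sha1
set security ike policy ike-policy-1 proposals P1-AES
set security ike policy ike-policy-1 pre-shared-key ascii-text juniper
set security ike gateway gw1 ike-policy ike-policy-l
set security ipsec proposal P2-AES authentication-algorithm hmac-sha1-96
set security ipsec policy ipsec-policy-1 proposals P2-AES
set security ipsec vpn vpn1 ike gateway gw1
set security ipsec vpn vpn1 ike ipsec-policy ipsec-policy-1
set security ipsec vpn vpn1 bind-interface st0.0
"""

# (pattern capturing a referenced name, pattern that must define that name)
REFS = [
    (r"ike policy \S+ proposals (\S+)", r"set security ike proposal {} "),
    (r"ike gateway \S+ ike-policy (\S+)", r"set security ike policy {} "),
    (r"ipsec policy \S+ proposals (\S+)", r"set security ipsec proposal {} "),
    (r"vpn \S+ ike gateway (\S+)", r"set security ike gateway {} "),
    (r"vpn \S+ ike ipsec-policy (\S+)", r"set security ipsec policy {} "),
    (r"vpn \S+ bind-interface (\S+)", r"security-zone \S+ interfaces {}$"),
]
# Assumption of this example: values to review (1024-bit DH, SHA-1, literal PSK).
REVIEW = [r"dh-group group2$", r"keys group2$", r"algorithm sha1$",
          r"hmac-sha1-96$", r"pre-shared-key ascii-text "]

def audit(config):
    """Return ("dangling", name) and ("review", line) findings for set commands."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for ref, definition in REFS:
        for line in lines:
            m = re.search(ref, line)
            if not m:
                continue
            wanted = definition.format(re.escape(m.group(1)))
            if not any(re.search(wanted, d) for d in lines):
                findings.append(("dangling", m.group(1)))
    for line in lines:
        findings += [("review", line) for p in REVIEW if re.search(p, line)]
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:9} {detail}")
```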