Configuring Ipsec Rule Sets; Tracing Ipsec Operations - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide

Configuring IPsec Rule Sets

Tracing IPsec Operations

1108
The statement defines a collection of IPsec rules that determine what actions
rule-set
the router software performs on packets in the data stream. You define each rule by
specifying a rule name and configuring terms. Then, you specify the order of the rules by
including the statement at the
rule-set
statement for each rule:
rule
[edit services ipsec-vpn]
rule-set rule-set-name {
rule rule-name;
}
The router software processes the rules in the order in which you specify them in the
configuration. If a term in a rule matches the packet, the router performs the corresponding
action and the rule processing stops. If no term in a rule matches the packet, processing
continues to the next rule in the rule set. If none of the rules matches the packet, the
packet is dropped by default.
Trace operations track IPsec events and record them in a log file in the
By default, this file is named
To trace IPsec operations, include the
hierarchy level:
ipsec-vpn]
[edit services ipsec-vpn]
traceoptions {
file <filename> <files number> <match regular-expression> <size bytes> <world-readable |
no-world-readable>;
flag flag;
level level;
no-remote-trace;
}
You can specify the following IPsec tracing flags:
all —Trace everything.
—Trace certificates events.
certificates
database —Trace security associations database events.
—Trace general events.
general
ike —Trace IKE module processing.
—Trace configuration processing.
parse
policy-manager —Trace policy manager processing.
—Trace routing socket messages.
routing-socket
[edit services ipsec-vpn]
/var/log/kmd .
statement at the
traceoptions
hierarchy level with a
directory.
/var/log
[edit services
Copyright © 2017, Juniper Networks, Inc.