Configuring Ipsec Rules - Juniper ACX1000 Configuration Manual
Junos os; acx series universal access router
Hide thumbs
Also See for ACX1000:
- User manual (216 pages) ,
- Hardware manual (204 pages) ,
- Quick start manual (27 pages)
Table of Contents
Advertisement
Configuring IPsec Rules
Copyright © 2017, Juniper Networks, Inc.
an IKE Proposal. You must manually configure a preshared key, which must match that
of its peer. The preshared key can be an ASCII text (alphanumeric) key or a hexadecimal
key.
To configure the preshared key in an IKE policy, include the
and a key at the
[edit services ipsec-vpn ike policy policy-name]
[edit services ipsec-vpn ike policy policy-name]
pre-shared-key (ascii-text key | hexadecimal key);
ACX Series routers support
To configure an IPsec rule, include the
hierarchy level:
services ipsec-vpn]
[edit services ipsec-vpn]
rule rule-name {
match-direction input;
term term-name {
from {
destination-address address;
ipsec-inside-interface interface-name;
source-address address;
}
then {
backup-remote-gateway address;
dynamic {
ike-policy policy-name;
ipsec-policy policy-name;
}
initiate-dead-peer-detection;
dead-peer-detection {
interval seconds;
threshold number;
}
manual {
direction (inbound | outbound | bidirectional) {
authentication {
algorithm (hmac-sha-256-128| hmac-sha1-96);
key (ascii-text key | hexadecimal key);
}
auxiliary-spi spi-value;
encryption {
algorithm algorithm;
key (ascii-text key | hexadecimal key);
}
protocol esp;
spi spi-value;
}
}
no-anti-replay;
remote-gateway address;
}
ascii-text
key.
statement and specify a rule name at the
rule
Chapter 33: Configuring IPsec
statement
pre-shared-keys
hierarchy level:
[edit
1105
- Quick Links:
- Interfaces
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
