Table of Contents
Advertisement
Chapter 6
IKE Overview ..............................................................................................140
Main Mode and Aggressive Mode ..........................................................141
Aggressive Mode Negotiations ........................................................141
IKE Policies ...........................................................................................142
Priority ...........................................................................................142
Encryption ......................................................................................143
Hash Function ................................................................................143
Authentication Mode ......................................................................143
Diffie-Hellman Group ......................................................................144
Lifetime ..........................................................................................144
IKE SA Negotiation ................................................................................144
Generating Private and Public Key Pairs ...............................................144
Configuration Tasks .....................................................................................145
Configuring an IPSec License ................................................................145
Configuring IPSec Parameters ...............................................................146
Creating an IPSec Tunnel ......................................................................149
Configuring DPD and IPSec Tunnel Failover .........................................154
Defining an IKE Policy ..........................................................................156
Refreshing SAs ......................................................................................159
Enabling Notification of Invalid Cookies ................................................159
Configuration Examples ..............................................................................160
Configuration Notes ..............................................................................160
Monitoring IPSec .........................................................................................168
System Event Logs ................................................................................168
show Commands ..................................................................................169
Overview .....................................................................................................177
Dynamic Connection Setup ..................................................................177
Dynamic Connection Teardown ............................................................178
Dynamic IPSec Subscriber Recognition .................................................178
Licensing Requirements ........................................................................178
Inherited Subscriber Functionality ........................................................179
Using IPSec Tunnel Profiles ...................................................................179
Relocating Tunnel Interfaces .................................................................180
User Authentication ..............................................................................180
Platform Considerations ..............................................................................180
References ..................................................................................................181
Creating an IPSec Tunnel Profile .................................................................181
Configuring IPSec Tunnel Profiles ................................................................182
Limiting Interface Instantiations on Each Profile ...................................182
Specifying IKE Settings .........................................................................182
Setting the IKE Local Identity .........................................................182
Setting the IKE Peer Identity ..........................................................183
Appending a Domain Suffix to a Username ..........................................184
Overriding IPSec Local and Peer Identities for SA Negotiations .............184
Specifying an IP Profile for IP Interface Instantiations ...........................185
Defining the Server IP Address .............................................................185
Specifying Local Networks ....................................................................186
Table of Contents
177
xiii
Table of Contents
Advertisement
Table of Contents
Related Manuals for Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Related Products for Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X
- Juniper IGP - CONFIGURATION GUIDE V11.1.X
- Juniper IP - CONFIGURATION GUIDE V11.1.X
- Juniper IPV6 - CONFIGURATION GUIDE V11.1.X
- Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP-IPV6-IGP CONFIGURATION GUIDE 2010-10-31
- Juniper NETWORK AND SECURITY MANAGER NSMXPRESS SERIES II - REV1
- Juniper IDP 75
- Juniper IDP 8200
- Juniper IDP 250