Table of Contents
Advertisement
JUNOSe 11.1.x IP Services Configuration Guide
tunnel source
tunnel transform-set
Configuring DPD and IPSec Tunnel Failover
You can use the ipsec option dpd command to enable dead peer detection (DPD)
on the router. DPD is also known as IKE keepalive. If an IPSec tunnel destination
backup is configured, the router redirects traffic to the alternate destination when
DPD detects a disconnection between the E Series router and the regular tunnel
destination. See "tunnel destination backup" on page 155 .
To enable DPD and create an alternate IPSec tunnel destination for failover:
1.
2.
154
Configuration Tasks
manual Specifies that security parameters and keys are configured manually
Example
host1(config-if)#tunnel signaling manual
Use the no version to restore the default value, isakmp.
See tunnel signaling.
Use to specify an existing interface address that serves as the tunnel's source
address.
For signaled IPSec tunnels in cable or DSL environments, you can optionally use
an FQDN to identify the tunnel endpoint.
Example
host1(config-if)#tunnel source 10.10.2.8
Use the no version to remove the tunnel source.
See tunnel source.
Use to specify the transform set that ISAKMP uses during SA negotiations on this
tunnel. You create transform sets using "ipsec transform-set" on page 148 .
Example
host1(config-if)#tunnel transform-set espSet
Use the no version to remove the transform set from a tunnel.
See tunnel transform-set.
Enable DPD on the router.
host1(config)#ipsec option dpd
Enter virtual router mode. Specify the VR that contains the source and destination
addresses assigned to the tunnel interface (that is, the transport virtual router
context).
Advertisement
Table of Contents
Need help?
Do you have a question about the IP SERVICES - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?