Table of Contents
Advertisement
JUNOSe 11.1.x IP Services Configuration Guide
Defining an IKE Policy
IKE policies define parameters that the router uses during IKE phase 1 negotiation.
To create an IKE policy:
You can then set the following parameters, or use the default settings:
aggressive-mode
156
Configuration Tasks
host1(config-if)#tunnel destination backup identity
branch245.customer88.isp.net
host1(config-if)#tunnel destination backup identity
user4925@branch245.customer88.isp.net
Use the no version to restore the default in which the regular tunnel destination
is also the backup tunnel destination.
See tunnel destination backup.
host1(config)#ipsec ike-policy-rule 3
host1(config-ike-policy)#
Allow aggressive mode negotiation.
host1(config-ike-policy)#aggressive-mode
Specify the authentication method.
host1(config-ike-policy)#authentication pre-share
Specify the encryption algorithm.
host1(config-ike-policy)#encryption 3des
Assign a Diffie-Hellman group.
host1(config-ike-policy)#group 5
Set the hash algorithm.
host1(config-ike-policy)#hash md5
Specify the lifetime of IKE SAs created using this policy.
host1(config-ike-policy)#lifetime 360
Use to enable aggressive mode negotiation for the tunnel.
If you specify aggressive mode negotiation, the tunnel proposes aggressive mode
to the peer in connections that the policy initiates.
If the peer initiates a negotiation, the tunnel accepts the negotiation if the mode
matches this policy.
Use the accepted keyword to accept aggressive mode when proposed by peers
Advertisement
Table of Contents
Need help?
Do you have a question about the IP SERVICES - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?