Table of Contents
Advertisement
JUNOSe 11.0.x IP Services Configuration Guide
9.
10.
11.
12.
13.
interface tunnel
tunnel destination
150
Configuration Tasks
For manual tunnels, specify the algorithm sets and the session key used for
inbound SAs and for outbound SAs.
host1:vrA(config-if)#tunnel session-key-inbound esp-des-hmac-md5
a7bd567917bd5679 bd5678a7bd567917bd567917bd567678
host1:vrA(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421
567917bd567917bd567917bd545a17bd567917bd56784a7b
fda183bef567917bd567917bd567917b
(Optional) Configure PFS on this tunnel.
host1:vrA(config-if)#tunnel pfs group 5
(Optional) Set the tunnel type to signaled or manual. The default is signaled.
host1:vrA(config-if)#tunnel signaling isakmp
(Optional) Set the renegotiation time of the SAs in use by this tunnel.
host1(config-if)#tunnel lifetime seconds 48000 kilobytes 249000
(Optional) Set the MTU size for the tunnel.
host1(config-if)#tunnel mtu 2240
Use to create or configure an IPSec tunnel interface.
Use the transport-virtual-router keyword to establish the tunnel on a virtual
router other than the current virtual router context.
Example
host1(config)#interface tunnel ipsec:jak transport-virtual-router tvr041
host1(config-if)#
Use the no version to remove the tunnel.
See interface tunnel.
Use to set the address or identity of the remote tunnel endpoint.
For signaled IPSec tunnels in cable or DSL environments, use the FQDN to
identify the remote tunnel endpoint, which does not have a fixed IP address.
The identity string can include an optional user@ specification preceding
the FQDN.
Example 1
host1(config-if)#tunnel destination 10.10.11.12
Example 2
host1(config-if)#tunnel destination identity branch245.customer77.isp.net
Advertisement
Table of Contents
