Table of Contents
Advertisement
JUNOSe 11.0.x IP Services Configuration Guide
Configuration Examples
This section contains examples of two IPSec applications. The first example shows
a customer who replaces a leased line network with an IPSec network that allows
the company to connect its corporate locations over the Internet. The second example
provides leased line replacement to two customers who use address schemes in the
same range.
Configuration Notes
Both the local and remote identities shown in these examples serve two purposes:
Example 1
In Figure 15 on page 160 customer A is using Frame Relay to connect its corporate
offices in three cities: Boston, Ottawa, and Boca.
Figure 15: Customer A's Corporate Frame Relay Network
Customer A hires ISP-X to provide a leased line replacement over an IP infrastructure
using IPSec. ISP-X can offer a replacement for long-haul Frame Relay links by creating
IPSec tunnels to carry customer A's traffic securely between the sites over the public
or ISP-provided IP network. This alternative costs only a fraction of the price of the
Frame Relay links. Figure 16 on page 161 shows the connectivity scheme.
160
Configuration Examples
Use to enable the router to send an invalid cookie notification to an IKE peer
when the router does not recognize the initiator-responder cookie pair.
Example
host1(config)#ipsec option tx-invalid-cookie
Use the no version to restore the default, disabling the ability to send an invalid
cookie notification.
See ipsec option tx-invalid-cookie.
They identify multiple IPSec tunnels between the same endpoints.
They filter traffic going into and coming out of the tunnels so that it is within the
specified range. If the configuration requires that only one IPSec tunnel exists
between two endpoints and no traffic filtering is required, you can omit the
tunnel local-identity and tunnel peer-identity commands.
Advertisement
Table of Contents
