Specifying Local Networks; Defining Ipsec Security Association Lifetime Parameters - Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual

For e series broadband services routers - ip services configuration

JUNOSe 11.0.x IP Services Configuration Guide
Configuring IPSec Tunnel Profiles

local ip address

More than one profile can specify the same local endpoint and virtual router. Because the last value set overrides the other, we recommend that you avoid this type of configuration.
Use to specify the given local IP address as a server address.
Example
host1(config-ipsec-tunnel-profile)#local ip address 192.2.52.12
Use the no version to stop the router from monitoring UDP port 500 for user requests and remove any preshared key associations with the local IP address.
See local ip address.

Specifying Local Networks

The local ip network command enables you to specify local, reachable networks through the IPSec tunnel. This type of "split tunneling" enables a remote station to separate VPN traffic from Internet traffic. For example, a client connecting to a corporate Intranet could use split-tunneling to send all traffic destined to 10.0.0.0/8 through the secure tunnel and reach the VPN. Other traffic (for example, Web browsing) would travel directly to the Internet through the local service provider without passing through the tunnel.

NOTE: Split tunneling functions only when supported by the client software. It is up to the client to modify its routing table with the network information for split tunneling to occur.

local ip network

Use to specify networks that are reachable through the IPSec tunnel. You can configure up to 16 networks for this method of "split-tunneling."
Example
host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252
Use the no version to remove the specified network from the reachable list.
See local ip network.

Defining IPSec Security Association Lifetime Parameters

The lifetime command defines the IPSec SA lifetime parameters the tunnel profile can use for IPSec SA negotiations. These parameters include the phase 2 lifetime as a range in seconds or traffic volume.

lifetime
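
Returning to the split-tunnel list that local ip network builds, as an added example that is not from the Juniper manual: a Python review of the local ip network lines in a tunnel profile that checks the 16-network limit and reports which destinations a client honouring the list would send through the tunnel. The function names and the sample profile are assumptions made for illustration, and the host-bit and overlap findings are checks this script performs, not documented router behaviour.

```python
import ipaddress
import re

MAX_NETWORKS = 16  # per-profile limit stated in the manual

# Constructed sample profile; only the second line is the manual's own example.
SAMPLE_PROFILE = """\
local ip address 192.2.52.12
host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252
local ip network 10.0.0.0 255.0.0.0
local ip network 192.168.1.5 255.255.255.0
"""

# Optional CLI prompt, then the command with a dotted-quad network and mask.
_CMD = re.compile(r"^\s*(?:\S+#)?\s*local ip network\s+(\S+)\s+(\S+)\s*$")

def parse_local_networks(config_text):
    """Return (networks, findings) for the local ip network lines in a profile."""
    networks, findings = [], []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = _CMD.match(line)
        if not match:
            continue  # other commands and "no" forms are ignored
        addr, mask = match.groups()
        try:
            # Raises ValueError on a non-contiguous mask or, with strict=True, on host bits set.
            net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)
        except ValueError as exc:
            findings.append(f"line {lineno}: {exc}")
            continue
        for other in networks:
            if net.subnet_of(other) or other.subnet_of(net):
                findings.append(f"line {lineno}: {net} overlaps {other}")
        networks.append(net)
    if len(networks) > MAX_NETWORKS:
        findings.append(f"{len(networks)} networks exceed the limit of {MAX_NETWORKS}")
    return networks, findings

def uses_tunnel(destination, networks):
    """True if a client honouring the list would send destination through the tunnel."""
    dest = ipaddress.IPv4Address(destination)
    return any(dest in net for net in networks)

if __name__ == "__main__":
    nets, problems = parse_local_networks(SAMPLE_PROFILE)
    print([str(n) for n in nets], problems)
    print({d: uses_tunnel(d, nets) for d in ("10.20.30.40", "192.168.1.9", "8.8.8.8")})
```

An overlap finding marks an entry that uses one of the 16 slots without changing which traffic is tunnelled.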
