Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual page 360

JUNOSe 11.0.x IP Services Configuration Guide
D
dead peer detection. See DPD
default-information originate command.......................27
destination profiles
configuring..........................................................265
monitoring..........................................................270
destruct timeout period for single-shot tunnels..........296
digital certificates
authenticating the peer.......................................216
base64................................................................213
CA hierarchy.......................................................216
certificate chains.................................................216
checking CRLs....................................................216
configuring..........................................................221
file extensions.....................................................216
generating private/public key pairs.....................216
monitoring..........................................................237
obtaining a public key certificate........................216
obtaining a root CA certificate.............................216
obtaining public keys without.....................220, 232
offline configuration............................................221
offline enrollment...............................................216
online configuration............................................227
online enrollment...............................................216
overview.............................................................213
signature authentication.....................................215
standards............................................................216
viewing...............................................216, 217, 237
X.509v3..............................................................215
documentation set
comments on......................................................xxv
DPD (dead peer detection).........................................139
DVMRP (Distance Vector Multicast Routing Protocol)
reassembly of tunnel packets..............................280
tunnels................................................................246
dvmrp destination profile command..........................267
DVMRP with IPSec
how it works.......................................................300
setting up secure connection..............................300
dynamic IP tunnels
configuring..........................................................265
monitoring..........................................................270
overview.............................................................261
dynamic tunnels........................................................261
E
enable commands
enable ipsec-transport.........................................297
enable ipsec-transport command...............................268
endpoints, tunnel.......................................................245
F
filter lists, BGP..............................................................23
334
Index
filtering
AS paths...............................................................23
network prefixes...................................................21
undesirable traffic.................................................33
firewall
configuring..........................................................113
monitoring..........................................................120
firewall commands
license firewall maximum-virtual-router..............117
flow statistics commands
cache entries.......................................................100
cache timeout.....................................................100
enabled...............................................................100
export destination ..............................................100
export source......................................................100
ip flow-aggregation cache ..................................100
mask destination ...............................................100
FQDN (fully qualified domain name)..........133, 150, 155
aggressive mode.................................................141
user@fqdn format..............................................133
with digital certificates........................................133
with preshared keys............................................133
fully qualified domain name. See FQDN
G
GRE (Generic Routing Encapsulation)
reassembly of tunnel packets..............................280
tunnels................................................................245
gre destination profile command...............................268
GRE with IPSec
how it works.......................................................300
setting up secure connection..............................300
H
home agent, Mobile IP. See Mobile IP home agent
I
idle timeout period for single-shot tunnels.................296
IKE (Internet Key Exchange)
aggressive mode characteristics..........................141
aggressive mode negotiations.............................141
authentication without digital
certificates...............................................220, 232
initiator proposals and policy rules.....................142
main mode characteristics..................................141
overview.............................................................140
SA negotiation....................................................144
using digital certificates.......................................215
IKE commands..........................................................182
ike local-identity.................................................182
ike peer-identity..................................................182
IKE message notification type....................................158