Configuring Ipsec Parameters - Juniper JUNOSE 11.2.X IP SERVICES Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration
Configuring IPSec Parameters

Copyright © 2010, Juniper Networks, Inc.
Use the license ipsec-tunnels command to specify an IPSec tunnel license.
NOTE: Acquire the license from Juniper Networks Customer Services and Support or
from your Juniper Networks sales representative.
Example
host1(config)#license ipsec-tunnels license string
Use the no version to disable the license.
See license ipsec-tunnels.
To configure IPSec:
1. For each endpoint, create a transform set that provides the desired encryption and authentication.
host1(config)#ipsec transform-set customerAprotection esp-3des-hmac-sha
host1(config)#ipsec transform-set customerBprotection ah-hmac-md5
2. Add a preshared key that the routers use to authenticate each other.
host1(config)#ipsec key manual pre-share 5.2.0.1
host1(config-manual-key)#key customerASecret
After you enter a preshared key, the router encrypts the key and displays it in masked
form to increase the security of the key. If you need to reenter the key, you can enter
it in its masked form using this command.
To see the masked form of the key:
host1#show config
ipsec key manual pre-share 10.10.1.1
masked-key " AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO"
To enter the masked key:
host1(config-manual-key)#masked-key AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO
3. Define the local endpoint used for ISAKMP/IKE negotiations for all IPSec tunnels in the router.
host1(config)#ipsec local-endpoint 10.10.1.1 transport-virtual-router vr#8
4. (Optional) Set the global (default) lifetime for all SAs on the router.
host1(config)#ipsec lifetime kilobytes 42000000
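Added example (not from the Juniper manual): a Python check that reads configuration text made of the commands in the procedure above and reports transform sets that use 3DES or MD5, transform sets that are AH only, and preshared keys present in cleartext rather than in masked form. The sample configuration is constructed from this page's commands, and the list of flagged algorithms is an assumed review policy, not a Juniper recommendation.

```python
import re

# Constructed sample built from the commands in the procedure above.
SAMPLE_CONFIG = """\
ipsec transform-set customerAprotection esp-3des-hmac-sha
ipsec transform-set customerBprotection ah-hmac-md5
ipsec key manual pre-share 5.2.0.1
key customerASecret
ipsec key manual pre-share 10.10.1.1
masked-key "AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO"
ipsec local-endpoint 10.10.1.1 transport-virtual-router vr#8
ipsec lifetime kilobytes 42000000
"""

# Strips a leading CLI prompt such as "host1(config)#" or "host1(config-manual-key)#".
PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")

# Assumed review policy (not from the manual): algorithm tokens to flag.
WEAK_TOKENS = {
    "des": "single DES encryption",
    "3des": "3DES, a 64-bit block cipher",
    "md5": "MD5-based integrity",
}

def audit(config_text):
    """Return (line_number, finding) tuples for the given configuration text."""
    findings = []
    peer = None  # peer address of the pre-share block currently being read
    for num, raw in enumerate(config_text.splitlines(), start=1):
        words = PROMPT.sub("", raw.strip()).split()
        if words[:2] == ["ipsec", "transform-set"] and len(words) >= 4:
            name, transforms = words[2], [w.lower() for w in words[3:]]
            for transform in transforms:
                for token in transform.split("-"):
                    if token in WEAK_TOKENS:
                        findings.append((num, f"{name}: {transform} uses {WEAK_TOKENS[token]}"))
            if not any(t.startswith("esp-") for t in transforms):
                findings.append((num, f"{name}: AH only, traffic is authenticated but not encrypted"))
        elif words[:4] == ["ipsec", "key", "manual", "pre-share"] and len(words) == 5:
            peer = words[4]
        elif words[:1] == ["key"] and peer:
            findings.append((num, f"peer {peer}: preshared key present in cleartext"))
        elif words and words[0] != "masked-key":
            peer = None  # any other command ends the pre-share block
    return findings

if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```

Run it against saved configurations or provisioning scripts before they are applied; lines copied with their CLI prompt are accepted as well.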
Chapter 5: Configuring IPSec