Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
Configuring IPSec Tunnel Profiles
Limiting Interface Instantiations on Each Profile
max-interfaces
Specifying IKE Settings
ike local-identity
174
This sections explains how to configure the parameters that exist in the IPSec tunnel
profile configuration mode.
To define the maximum number of interfaces that the IPSec tunnel profile can instantiate,
use the max-interfaces command. Once the profile reaches the maximum number of
interfaces, the profile rejects any new interface instantiations and generates a
warning-level log. The default value (using the no version of the command) specifies
unlimited interface instantiation on a given profile.
Use to define the maximum number of interfaces that the IPSec tunnel profile can
instantiate.
Example
host1(config-ipsec-tunnel-profile)#max-interfaces 500
Use the no version to return the maximum value to unlimited, indicating no limit to the
number of interfaces that can be instantiated on this profile.
See max-interfaces.
This section describes how to define the IKE local identity and IKE peer identity values.
Setting the IKE Local Identity
To set the IKE local identity (phase 1 identity) used for IKE security association
negotiations, use the ike local-identity command.
NOTE: The authentication algorithm for an IKE SA is associated with its identity. You
must ensure that the client and server are set accordingly to successfully establish IKE
security associations.
Use to set the IKE local identity used for IKE security association (SA) negotiations.
Example
host1(config-ipsec-tunnel-profile)#ike local-identity domain-name domain1
Use the no version to remove the specified IKE local identity.
See ike local-identity.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
