Defining IPSec Security Association Lifetime Parameters; Defining User Reauthentication Protocol Values - Juniper JunosE 11.2.x IP Services Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

JunosE 11.2.x IP Services Configuration Guide
local ip network

Defining IPSec Security Association Lifetime Parameters

lifetime

Defining User Reauthentication Protocol Values

and reach the VPN. Other traffic (for example, Web browsing) would travel directly to
the Internet through the local service provider without passing through the tunnel.
NOTE: Split tunneling functions only when supported by the client software. It is up to
the client to modify its routing table with the network information for split tunneling to
occur.
Use to specify networks that are reachable through the IPSec tunnel. You can configure
up to 16 networks for this method of "split-tunneling."
Example
host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252
Use the no version to remove the specified network from the reachable list.
See local ip network.
The lifetime command defines the IPSec SA lifetime parameters the tunnel profile can
use for IPSec SA negotiations. These parameters include the phase 2 lifetime as a range
in seconds or traffic volume.
Use to specify the IPSec lifetime parameters used in IPSec SA lifetime negotiations.
Example
host1(config-ipsec-tunnel-profile)#lifetime seconds 5000 25000
Use the no version to return the lifetime to its default value, 28800 seconds (8 hours)
and no traffic volume limit.
See lifetime.
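The limits given above for local ip network and lifetime can be checked offline before a profile is deployed. The following is an added example, not code from the Juniper guide: the function name, the sample input, and the policy of flagging an upper bound above the default are assumptions, as is reading the two lifetime values as lower bound then upper bound.

```python
import ipaddress
import re

MAX_NETWORKS = 16         # split-tunnel network limit stated in the guide
DEFAULT_LIFETIME = 28800  # default lifetime in seconds stated in the guide

# Constructed sample input, not taken from a real router.
SAMPLE = """\
host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252
host1(config-ipsec-tunnel-profile)#local ip network 10.1.0.0 255.0.255.0
host1(config-ipsec-tunnel-profile)#local ip network 192.168.5.9 255.255.255.0
host1(config-ipsec-tunnel-profile)#lifetime seconds 5000 25000
"""

NET_RE = re.compile(r"local ip network (\S+) (\S+)$")
LIFE_RE = re.compile(r"lifetime seconds (\d+) (\d+)$")


def audit_profile(text):
    """Return review findings for the commands of one tunnel profile."""
    findings, networks = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[-1].strip()  # drop an optional CLI prompt
        if m := NET_RE.match(line):
            try:
                # strict=True rejects host bits set below the mask; the
                # parser itself rejects non-contiguous masks.
                networks.append(ipaddress.IPv4Network(f"{m[1]}/{m[2]}", strict=True))
            except ValueError as exc:
                findings.append(f"line {n}: bad network: {exc}")
        elif m := LIFE_RE.match(line):
            low, high = int(m[1]), int(m[2])
            if low > high:
                findings.append(f"line {n}: lifetime range {low}-{high} is inverted")
            if high > DEFAULT_LIFETIME:  # review policy assumed for this example
                findings.append(f"line {n}: upper bound {high}s exceeds the default")
    if len(networks) > MAX_NETWORKS:
        findings.append(f"{len(networks)} networks configured, guide limit is {MAX_NETWORKS}")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```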
The extended-authentication command specifies the extended user authentication
protocol for use during the extended user authentication protocol exchange.
The re-authenticate keyword enables the reauthentication option (a subsequent
authentication procedure). When this option is enabled, rekeying of IKE SAs uses the
initial authentication protocol to reauthenticate the user. When this option is disabled,
authentication is performed only at the first IKE SA establishment. Subsequent IKE SA
rekey operations inherit the initial authentication and do not reauthenticate users.
NOTE: For maximum security, enable reauthentication.
The skip-peer-config keyword prevents the router from configuring peer IP characteristics.
Copyright © 2010, Juniper Networks, Inc.
