Configuring Ipsec Parameters - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

license ipsec-tunnels

Copyright © 2010, Juniper Networks, Inc.
SRP 10G – 10,000
SRP 40G – 20,000
Use to specify an IPSec tunnel license.
NOTE: Acquire the license from Juniper Networks Customer Services and
Support or from your Juniper Networks sales representative.
Example
host1(config)#license ipsec-tunnels license string
Use the no version to disable the license.
See license ipsec-tunnels.

Configuring IPSec Parameters

To configure IPSec:
1. For each endpoint, create a transform set that provides the desired encryption and authentication.
host1(config)#ipsec transform-set customerAprotection esp-3des-hmac-sha
host1(config)#ipsec transform-set customerBprotection ah-hmac-md5

2. Add a preshared key that the routers use to authenticate each other.
host1(config)#ipsec key manual pre-share 5.2.0.1
host1(config-manual-key)#key customerASecret
After you enter a preshared key, the router encrypts the key and displays it in masked
form to increase the security of the key. If you need to reenter the key, you can enter
it in its masked form using this command.
To see the masked form of the key:
host1#show config
ipsec key manual pre-share 10.10.1.1
masked-key " AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO"
To enter the masked key:
host1(config-manual-key)#masked-key AAAAGAAAAAcAAAACfd+SAsaVQ6Qeopt2rJOP6LDg+0hX5cMO

3. Define the local endpoint used for ISAKMP/IKE negotiations for all IPSec tunnels in the router.
host1(config)#ipsec local-endpoint 10.10.1.1 transport-virtual-router vr#8

4. (Optional) Set the global (default) lifetime for all SAs on the router.
host1(config)#ipsec lifetime kilobytes 42000000
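
An offline check for a saved copy of the commands in the steps above, added here as an example and not part of the Juniper manual: it flags transform sets that use 3DES or HMAC-MD5 (rated SHOULD NOT and MUST NOT in RFC 8221), transform sets that are AH only, and preshared keys left in cleartext instead of the masked form. The names audit, WEAK, PROMPT and SAMPLE are assumptions of this example, and the sample text is constructed from the commands shown on this page.

```python
import re

# Assumption of this example: algorithm tokens treated as weak, per RFC 8221.
WEAK = {"md5": "HMAC-MD5", "3des": "3DES"}
# Strips a leading CLI prompt such as "host1(config)#" or "host1#".
PROMPT = re.compile(r"^\s*[\w-]+(?:\([\w-]+\))?#\s*")

# Constructed sample: the commands from steps 1 to 4, as they might sit in a script file.
SAMPLE = """\
host1(config)#ipsec transform-set customerAprotection esp-3des-hmac-sha
host1(config)#ipsec transform-set customerBprotection ah-hmac-md5
host1(config)#ipsec key manual pre-share 5.2.0.1
host1(config-manual-key)#key customerASecret
host1(config)#ipsec local-endpoint 10.10.1.1 transport-virtual-router vr#8
host1(config)#ipsec lifetime kilobytes 42000000
"""

def audit(text):
    """Return (line_number, message) findings for IPSec config text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        words = PROMPT.sub("", raw).split()
        if words[:2] == ["ipsec", "transform-set"] and len(words) > 3:
            name, transforms = words[2], words[3:]
            for t in transforms:
                for token in t.split("-"):
                    if token in WEAK:
                        findings.append((n, f"{name}: {t} uses {WEAK[token]}"))
            # A set made only of ah-* transforms authenticates but does not encrypt.
            if all(t.startswith("ah-") for t in transforms):
                findings.append((n, f"{name}: AH only, traffic is not encrypted"))
        elif words[:1] == ["key"] and len(words) > 1:
            # Report the line, never the secret itself.
            findings.append((n, "cleartext preshared key; keep only the masked-key form"))
    return findings

if __name__ == "__main__":
    for line_no, message in audit(SAMPLE):
        print(f"line {line_no}: {message}")
```

Lines that carry the key as masked-key, as in the show config output above, produce no finding.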
Chapter 5: Configuring IPSec