Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 169

interface tunnel
tunnel destination
Copyright © 2010, Juniper Networks, Inc.
host1:vrA(config-if)#exit
NOTE: FQDNs are used when tunnel destination endpoints do not have
a fixed address, as in cable and DSL environments.
For manual tunnels, specify the algorithm sets and the session key used for inbound
9.
SAs and for outbound SAs.
host1:vrA(config-if)#tunnel session-key-inbound esp-des-hmac-md5
a7bd567917bd5679 bd5678a7bd567917bd567917bd567678
host1:vrA(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421
567917bd567917bd567917bd545a17bd567917bd56784a7b
fda183bef567917bd567917bd567917b
(Optional) Configure PFS on this tunnel.
10.
host1:vrA(config-if)#tunnel pfs group 5
(Optional) Set the tunnel type to signaled or manual. The default is signaled.
11.
host1:vrA(config-if)#tunnel signaling isakmp
(Optional) Set the renegotiation time of the SAs in use by this tunnel.
12.
host1(config-if)#tunnel lifetime seconds 48000 kilobytes 249000
(Optional) Set the MTU size for the tunnel.
13.
host1(config-if)#tunnel mtu 2240
Use to create or configure an IPSec tunnel interface.
Use the transport-virtual-router keyword to establish the tunnel on a virtual router
other than the current virtual router context.
Example
host1(config)#interface tunnel ipsec:jak transport-virtual-router tvr041
host1(config-if)#
Use the no version to remove the tunnel.
See interface tunnel.
Use to set the address or identity of the remote tunnel endpoint.
For signaled IPSec tunnels in cable or DSL environments, use the FQDN to identify
the remote tunnel endpoint, which does not have a fixed IP address.
The identity string can include an optional user@ specification preceding the FQDN.
Example 1
host1(config-if)#tunnel destination 10.10.11.12
Example 2
Chapter 5: Configuring IPSec
143