JunosE 11.3.x IP Services Configuration Guide
154
On each ERX router, create preshared keys for the three routers to use to authenticate
2.
each other:
erx1(config)#ipsec key manual pre-share 100.2.0.1
erx1(config-manual-key)#key customerASecret
erx1(config-manual-key)#exit
erx1(config)#ipsec key manual pre-share 100.3.0.1
erx1(config-manual-key)#key customerASecret
erx1(config-manual-key)#exit
erx2(config)#ipsec key manual pre-share 100.1.0.1
erx2(config-manual-key)#key customerASecret
erx2(config-manual-key)#exit
erx2(config)#ipsec key manual pre-share 100.3.0.1
erx2(config-manual-key)#key customerASecret
erx2(config-manual-key)#exit
erx3(config)#ipsec key manual pre-share 100.1.0.1
erx3(config-manual-key)#exit
erx3(config-manual-key)#key customerASecret
erx3(config)#ipsec key manual pre-share 100.2.0.1
erx3(config-manual-key)#key customerASecret
erx3(config-manual-key)#exit
On erx1 create two IPSec tunnels, one to carry customer A's traffic between Ottawa
3.
and Boston and another to carry the traffic between Ottawa and Boca:
Tunnel 1:
erx1(config)#interface tunnel ipsec:Aottawa2boston
erx1(config-if)#tunnel transform-set customerAprotection
erx1(config-if)#tunnel local-identity subnet 200.1.0.0 255.255.0.0
erx1(config-if)#tunnel peer-identity subnet 200.3.0.0 255.255.0.0
erx1(config-if)#tunnel source 100.1.0.1
erx1(config-if)#tunnel destination 100.3.0.1
erx1(config-if)#ip address 200.3.0.0 255.255.0.0
erx1(config-if)#exit
Tunnel 2:
erx1(config)#interface tunnel ipsec:Aottawa2boca
erx1(config-if)#tunnel transform-set customerAprotection
erx1(config-if)#tunnel local-identity subnet 200.1.0.0 255.255.0.0
erx1(config-if)#tunnel peer-identity subnet 200.2.0.0 255.255.0.0
erx1(config-if)#tunnel source 100.1.0.1
erx1(config-if)#tunnel destination 100.2.0.1
erx1(config-if)#ip address 200.2.0.0 255.255.0.0
erx1(config-if)#exit
On erx2 create two IPSec tunnels, one to carry customer A's traffic between Boca and
4.
Ottawa and another to carry the traffic between Boca and Boston:
Tunnel 1:
erx2(config)#interface tunnel ipsec:Aboca2ottawa
erx2(config-if)#tunnel transform-set customerAprotection
erx2(config-if)#tunnel local-identity subnet 200.2.0.0 255.255.0.0
erx2(config-if)#tunnel peer-identity subnet 200.1.0.0 255.255.0.0
erx2(config-if)#tunnel source 100.2.0.1
erx2(config-if)#tunnel destination 100.1.0.1
Copyright © 2010, Juniper Networks, Inc.
Need help?
Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 and is the answer not in the manual?