JunosE 11.3.x IP Services Configuration Guide
for authentication, you can use the domain-suffix command to append a domain suffix
to the username. Using the default, no domain suffix, passes usernames transparently
to AAA.

domain-suffix

Use to specify a domain suffix that you want to append to any usernames received on
this profile.
Example
host1(config-ipsec-tunnel-profile)#domain-suffix domain2
Use the no version to restore the default value, no domain suffix, and usernames are
passed transparently to AAA.
See domain-suffix.

Overriding IPSec Local and Peer Identities for SA Negotiations

You can use the local ip identity and peer ip identity commands to override the local
and peer identities used for SA negotiations (respectively).

local ip identity

Use to override the local identity (phase 2 identity) used for IPSec security association
negotiations. For IPSec negotiations to succeed, the local and peer identities at one
end of the tunnel must match the peer and local identities at the other end
(respectively).
Example
host1(config-ipsec-tunnel-profile)#local ip identity range 10.30.11.1 10.30.11.50
Use the no version to restore the default value, the internal IP address allocated for
the subscriber.
See local ip identity.

peer ip identity

Use to override the peer identity (phase 2 identity) used for IPSec security association
negotiations. For IPSec negotiations to succeed, the local and peer identities at one
end of the tunnel must match the peer and local identities at the other end
(respectively).
Example
host1(config-ipsec-tunnel-profile)#peer ip identity address 10.227.1.2
Use the no version to restore the default value, the internal IP address allocated for
the subscriber.
See peer ip identity.
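
The matching rule stated above for local ip identity and peer ip identity can be checked before a change is deployed. The following Python check is an added example, not part of the Juniper guide: it compares the identity overrides of two tunnel ends and reports where one end's local/peer does not mirror the other end's peer/local. It assumes both ends are supplied in the command syntax shown on this page, handles only the address and range forms shown here, and treats "match" as same form and same addresses; the function names and the end B configurations are constructed for illustration.

```python
import ipaddress
import re

# Only the two identity forms shown on this page: "address A" and "range A B".
IDENTITY = re.compile(
    r"^(?:\S+#)?\s*(local|peer) ip identity (address|range) (\S+)(?: (\S+))?$")

def parse_identities(config_text):
    """Map 'local'/'peer' to (form, first, last) for each override line found."""
    found = {}
    for line in config_text.splitlines():
        m = IDENTITY.match(line.strip())
        if not m:
            continue
        side, form, first, last = m.groups()
        if (form == "range") != (last is not None):
            raise ValueError(f"malformed identity line: {line.strip()!r}")
        lo = ipaddress.IPv4Address(first)
        hi = ipaddress.IPv4Address(last) if last else lo
        if hi < lo:
            raise ValueError(f"range end below start: {line.strip()!r}")
        found[side] = (form, lo, hi)
    return found

def mirror_mismatches(end_a, end_b):
    """List the ways end A's local/peer fail to mirror end B's peer/local."""
    a, b = parse_identities(end_a), parse_identities(end_b)
    problems = []
    for mine, theirs in (("local", "peer"), ("peer", "local")):
        if mine not in a or theirs not in b:
            # A missing override means the default applies; that value is not
            # visible in the configuration text, so it cannot be compared here.
            problems.append(f"A {mine} / B {theirs}: override missing on one end")
        elif a[mine] != b[theirs]:
            shown_a = " ".join(map(str, a[mine]))
            shown_b = " ".join(map(str, b[theirs]))
            problems.append(f"A {mine} ({shown_a}) != B {theirs} ({shown_b})")
    return problems

# Constructed sample configurations (end A reuses the page's two example lines).
END_A = """\
host1(config-ipsec-tunnel-profile)#local ip identity range 10.30.11.1 10.30.11.50
host1(config-ipsec-tunnel-profile)#peer ip identity address 10.227.1.2
"""
END_B_OK = """\
local ip identity address 10.227.1.2
peer ip identity range 10.30.11.1 10.30.11.50
"""
END_B_BAD = END_B_OK.replace("10.30.11.50", "10.30.11.60")  # range end differs
```

An empty list from mirror_mismatches means every override on one end is mirrored on the other; each string in a non-empty list names the pair that would keep the phase 2 identities from matching.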
Copyright © 2010, Juniper Networks, Inc.