Table of Contents
Advertisement
Specifying an IP Profile for IP Interface Instantiations
ip profile
Defining the Server IP Address
local ip address
Copyright © 2010, Juniper Networks, Inc.
The ip profile command specifies the IP profile that is passed from the IPSec layer to
the IP layer upon request for upper layer instantiation.
Use to specify the IP profile that the IPSec layer passes on to the IP layer upon request
for upper-layer instantiation.
Example
host1(config-ipsec-tunnel-profile)#ip profile ipProfile1
Use the no version to remove the association with this profile.
See ip profile.
The local ip address command defines the specified local IP address as the server
address. The router monitors UDP port 500 for incoming login requests (that is, IKE SA
negotiations) from users.
NOTE: This address is typically made public to all users trying to connect to
a VPN on this router.
This command enables you to optionally set a global preshared key for the specified
server address. When using global preshared keys, keep the following in mind:
Global preshared keys enable a group of users to share a single authentication key,
simplifying the administrative job of setting up keys for multiple users.
Specific keys for individual users have higher priority than global keys. If both individual
and global keys are configured, the individual that also has a specific key must use that
key or authentication fails.
More than one profile can specify the same local endpoint and virtual router. Because
the last value set overrides the other, we recommend that you avoid this type of
configuration.
Use to specify the given local IP address as a server address.
Example
host1(config-ipsec-tunnel-profile)#local ip address 192.2.52.12
Use the no version to stop the router from monitoring UDP port 500 for user requests
and remove any preshared key associations with the local IP address.
See local ip address.
Chapter 6: Configuring Dynamic IPSec Subscribers
177
Advertisement
Table of Contents
