Specifying Local Networks; Defining Ipsec Security Association Lifetime Parameters; Defining User Reauthentication Protocol Values - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

Software for E Series Broadband Services Routers: IP Services Configuration Guide

JunosE 11.3.x IP Services Configuration Guide

Specifying Local Networks

local ip network

Defining IPSec Security Association Lifetime Parameters

lifetime

Defining User Reauthentication Protocol Values

Specifying Local Networks

The local ip network command enables you to specify local networks that are reachable through the IPSec tunnel. This type of "split tunneling" enables a remote station to separate VPN traffic from Internet traffic. For example, a client connecting to a corporate intranet could use split tunneling to send all traffic destined for 10.0.0.0/8 through the secure tunnel and reach the VPN. Other traffic (for example, Web browsing) would travel directly to the Internet through the local service provider without passing through the tunnel.

NOTE: Split tunneling functions only when supported by the client software. It is up to the client to modify its routing table with the network information for split tunneling to occur.

local ip network

Use to specify networks that are reachable through the IPSec tunnel. You can configure up to 16 networks for this method of split tunneling.
Example
host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252
Use the no version to remove the specified network from the reachable list.
See local ip network.
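
An added example, not part of the Juniper guide: a Python model of the routing decision a split-tunnel client makes from the networks listed in a tunnel profile, useful for checking which destinations a given address and mask actually cover. The function names `parse_local_networks` and `route_for` are hypothetical, the second profile line and the destinations are constructed, and rejecting host bits in the address is an assumption of this sketch rather than documented JunosE behavior.

```python
import ipaddress

MAX_LOCAL_NETWORKS = 16  # per-profile limit stated in the guide


def parse_local_networks(config_lines):
    """Collect networks from 'local ip network <address> <mask>' lines."""
    networks = []
    for line in config_lines:
        # Drop a CLI prompt such as 'host1(config-ipsec-tunnel-profile)#'.
        tokens = line.split("#", 1)[-1].split()
        if len(tokens) != 5 or tokens[:3] != ["local", "ip", "network"]:
            continue
        # Assumption of this sketch: reject an address with host bits set
        # for its mask (IPv4Network raises ValueError when strict=True).
        networks.append(ipaddress.IPv4Network(f"{tokens[3]}/{tokens[4]}", strict=True))
    if len(networks) > MAX_LOCAL_NETWORKS:
        raise ValueError(f"{len(networks)} networks configured, limit is {MAX_LOCAL_NETWORKS}")
    return networks


def route_for(destination, networks):
    """Return 'tunnel' if a split-tunnel client would send this destination
    through the IPSec tunnel, otherwise 'direct' (out via the local ISP)."""
    address = ipaddress.IPv4Address(destination)
    return "tunnel" if any(address in net for net in networks) else "direct"


# The guide's example line: mask 255.255.255.252 is a /30 (10.0.0.0-10.0.0.3).
PAGE_EXAMPLE = ["host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252"]
# Constructed variant matching the 10.0.0.0/8 case described in the prose.
WIDE_EXAMPLE = ["host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.0.0.0"]

if __name__ == "__main__":
    # Constructed destinations; 203.0.113.10 is a documentation address.
    for dest in ("10.0.0.2", "10.1.2.3", "203.0.113.10"):
        narrow = route_for(dest, parse_local_networks(PAGE_EXAMPLE))
        wide = route_for(dest, parse_local_networks(WIDE_EXAMPLE))
        print(f"{dest:>13}  /30 profile: {narrow:<6}  /8 profile: {wide}")
```

With the mask from the guide's example line, only 10.0.0.0 through 10.0.0.3 are treated as reachable through the tunnel, so a destination such as 10.1.2.3 leaves the client directly and unprotected; covering the 10.0.0.0/8 intranet from the prose takes the mask 255.0.0.0.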

Defining IPSec Security Association Lifetime Parameters

The lifetime command defines the IPSec SA lifetime parameters that the tunnel profile can use for IPSec SA negotiations. These parameters include the phase 2 lifetime as a range in seconds or traffic volume.

lifetime

Use to specify the IPSec lifetime parameters used in IPSec SA lifetime negotiations.
Example
host1(config-ipsec-tunnel-profile)#lifetime seconds 5000 25000
Use the no version to return the lifetime to its default value, 28800 seconds (8 hours) and no traffic volume limit.
See lifetime.

Defining User Reauthentication Protocol Values

The extended-authentication command specifies the extended user authentication protocol for use during the extended user authentication protocol exchange.

The re-authenticate keyword enables the reauthentication option (a subsequent authentication procedure). When this option is enabled, rekeying of IKE SAs uses the initial authentication protocol to reauthenticate the user. When this option is disabled,
Copyright © 2010, Juniper Networks, Inc.


This manual is also suitable for:

Junose 11.3
