Defining Aggressive Mode For An Ike Policy Rule - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual


Copyright © 2010, Juniper Networks, Inc.

When initiating and responding to an IKE SA exchange, the router evaluates the possible
policy rules as follows:

• If an IP-address-specific IKE policy rule refers to the local IP address and virtual router
  for this exchange, the router evaluates this policy rule before any
  non-IP-address-specific IKE policy rules. If more than one IP-address-specific IKE policy
  rule exists, the router evaluates the policy rule with the lowest priority number first and
  then evaluates the policy rule with the next highest priority number and so on.
• If no IP-address-specific IKE policy rule refers to the local IP address and virtual router
  for this exchange, the router evaluates all non-IP-address-specific IKE policy rules in
  the normal IKE policy rule evaluation order.

You can define an IKE policy rule without specifying an IP address or virtual router (the
default). When not specifically configured, the IKE policy rule remains valid for any local
IP address on any virtual router residing on the router.

ip address virtual-router

• Use to limit the scope of the IKE policy rule to the specified local IP address on the
  specified virtual router. This limitation ensures that this policy rule is evaluated for IKE
  security association evaluations for only the specified IP address and virtual router.
• Example
  host1(config-ike-policy)#ip address virtual-router VR1
• Use the no version to remove the IP address and virtual router limitation.
• See ip address virtual-router.

Defining Aggressive Mode for an IKE Policy Rule

The aggressive-mode command enables aggressive mode negotiation for the tunnel.
For additional information about aggressive mode and how it works, see "Main Mode
and Aggressive Mode" on page 134.

aggressive-mode

• Use to enable aggressive mode negotiation for the tunnel.
• If you specify aggressive mode negotiation, the tunnel proposes aggressive mode to
  the peer in connections that the policy initiates.
• If the peer initiates a negotiation, the tunnel accepts the negotiation if the mode
  matches this policy.
• Use the accepted keyword to accept aggressive mode when proposed by peers.
• Use the requested keyword to request aggressive mode when negotiating with peers.
• Use the required keyword to request and accept only aggressive mode when negotiating
  with peers.
• Example
  host1(config-ike-policy)#aggressive-mode accepted
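
The evaluation order and the aggressive-mode keywords described above, modeled in Python as an added example for auditing a rule set (it is not Juniper code and not the JUNOSe implementation). The Rule class, the function names and the sample rules are constructed for illustration; the sketch assumes that non-IP-address-specific rules are also ordered by ascending priority number and that only accepted and required let a peer-proposed aggressive mode through.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    priority: int                     # IKE policy rule priority number
    local_ip: Optional[str] = None    # None = rule is not IP-address-specific
    vr: Optional[str] = None          # virtual router paired with local_ip
    aggressive: Optional[str] = None  # None, "accepted", "requested" or "required"


def evaluation_order(rules: List[Rule], local_ip: str, vr: str) -> List[Rule]:
    """Rules considered for an exchange on (local_ip, vr), in the page's order."""
    # IP-address-specific rules that refer to this exchange's address and VR.
    specific = [r for r in rules
                if r.local_ip is not None and (r.local_ip, r.vr) == (local_ip, vr)]
    # Rules with no address remain valid for any local IP on any virtual router.
    generic = [r for r in rules if r.local_ip is None]
    # Lowest priority number first. Assumption: the "normal" order used for
    # the generic rules is ascending priority number as well.
    specific.sort(key=lambda r: r.priority)
    generic.sort(key=lambda r: r.priority)
    return specific + generic


def aggressive_responders(rules: List[Rule], local_ip: str, vr: str) -> List[int]:
    """Priorities, in evaluation order, of rules that accept aggressive mode from a peer."""
    # The page states acceptance only for "accepted" and "required"; treating
    # "requested" as initiator-only is an assumption of this sketch.
    return [r.priority for r in evaluation_order(rules, local_ip, vr)
            if r.aggressive in ("accepted", "required")]


# Constructed sample rule set (documentation-range addresses, hypothetical VRs).
RULES = [
    Rule(10, aggressive="accepted"),
    Rule(30, "192.0.2.1", "VR1", "required"),
    Rule(20, "192.0.2.1", "VR1"),
    Rule(5, "198.51.100.7", "VR2", "requested"),
]

if __name__ == "__main__":
    for ip, vr in [("192.0.2.1", "VR1"), ("198.51.100.7", "VR2"), ("203.0.113.9", "VR1")]:
        order = [r.priority for r in evaluation_order(RULES, ip, vr)]
        print(ip, vr, "order:", order, "aggressive from peer:", aggressive_responders(RULES, ip, vr))
```

In the sample set, the rule with priority 10 has no address restriction, so it appears in the evaluation order for every local address and keeps peer-proposed aggressive mode acceptable even where no address-specific rule enables it.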
Chapter 6: Configuring Dynamic IPSec Subscribers