Table of Contents
Advertisement
Enabling IPSec Support for GRE and DVMRP Tunnels
interface tunnel dvmrp
interface tunnel gre
Configuring IPSec Transport Profiles
Copyright © 2010, Juniper Networks, Inc.
Set up the GRE or DVMRP tunnel, specifying the virtual router and destination address,
and enabling IPSec support. See "Configuring IP Tunnels" on page 237.
Set up digital certificates on the router, or configure preshared keys for IKE
authentication.
To set up digital certificates, see "Configuring Digital Certificates" on page 205.
To set up preshared keys, see "Configuring IPSec Parameters" on page 139 in
"Configuring IPSec" on page 119.
Create IPSec policies. See "Defining an IKE Policy" on page 148 in "Configuring IPSec"
on page 119.
Configure IPSec transport profiles. See "Configuring IPSec Transport Profiles" on
page 289.
To create GRE/IPSec and DVMRP/IPSec tunnels, use the ipsec-transport keyword with
the interface tunnel command.
Use with the ipsec-transport keyword to create a GRE or DVMRP tunnel that is
protected with IPSec in transport mode.
NOTE: After you create a clear GRE or DVMRP tunnel, you cannot convert
it to an IPSec-secured tunnel, or vice versa. You must delete the tunnel
configuration, then reconfigure the tunnel as the new type.
You can establish the tunnel on a virtual router other than the current virtual router.
Example
host1(config)#interface tunnel gre:denver-tunnel-5 transport-virtual-router denver
ipsec-transport
host1(config-if)#
Use the no version to remove the tunnel.
See interface tunnel.
To configure an IPSec transport profile that will be used to secure DVMRP, GRE, or L2TP
tunnels:
Create the profile.
1.
host1(config)#ipsec transport profile secureGre virtual-router default ip address
5.5.5.5
Chapter 12: Securing L2TP and IP Tunnels with IPSec
289
Advertisement
Table of Contents
