ipsec transport profile
lifetime
local ip address
Copyright © 2010, Juniper Networks, Inc.
Provides IPSec filtering based on the received IP address (the NAT public IP
address), rather than filtering based on the negotiated IKE identities.
Example
host1(config-ipsec-transport-profile)#application gre dvmrp l2tp
Use the no version to return to the default application type, L2TP.
See application.
Use to create an IPSec transport profile and to enter IPSec Transport Profile
Configuration mode. To create a new profile, you must include the following keywords:
virtual-router—Name of the virtual router on which you want to create the profile.
ip address—Remote endpoint for the IPSec transport connection.
For L2TP/IPSec connections, you can enter a fixed IP address or the wildcard address,
0.0.0.0. If you use the wildcard address, the profile accepts any remote client
connection, which is a typical scenario for secure remote access.
For GRE/IPSec and DVMRP/IPSec connections, you must enter a fixed address; the
0.0.0.0 wildcard address is not accepted and will return an error.
Example
host1(config)#ipsec transport profile secureL2tp virtual-router default ip address 5.5.5.5
host1(config-ipsec-transport-profile)#
Use the no version to delete the profile.
See ipsec transport profile.
Use to set a lifetime range for the IPSec connection in volume of traffic or in seconds
or both.
If the PC client offers a lifetime within this range, the router accepts the offer. If the PC
client offers a lifetime outside this range, the router rejects the connection.
Example
host1(config-ipsec-transport-profile)#lifetime seconds 900 86400 kilobytes 100000 4294967295
Use the no version to restore the default values, 100000–4294967295 KB and
900–86400 seconds (0.25–24 hours).
See lifetime.
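The wildcard-address rule and the lifetime acceptance rule described above can be checked offline against saved configuration text. The following is an added example, not Juniper code and not part of the original guide; the function names and the sample lines are constructed for illustration, and it assumes an offer is acceptable when every value the client offers falls inside the configured range.

```python
import re

# Defaults stated in the text: application L2TP, 900-86400 s, 100000-4294967295 KB.
DEFAULT_LIFETIME = {"seconds": (900, 86400), "kilobytes": (100000, 4294967295)}
PROFILE_RE = re.compile(
    r"ipsec transport profile (\S+) virtual-router (\S+) ip address (\S+)")

# Constructed sample input (not taken from a real router).
SAMPLE = """\
host1(config)#ipsec transport profile secureL2tp virtual-router default ip address 0.0.0.0
host1(config-ipsec-transport-profile)#lifetime seconds 900 3600 kilobytes 100000 4294967295
host1(config)#ipsec transport profile greSite virtual-router default ip address 0.0.0.0
host1(config-ipsec-transport-profile)#application gre dvmrp l2tp
"""

def parse_profiles(text):
    """Collect each profile's remote address, applications and lifetime ranges."""
    profiles, cur = [], None
    for line in text.splitlines():
        cmd = line.split("#", 1)[-1].strip()   # drop the CLI prompt
        m = PROFILE_RE.match(cmd)
        words = cmd.split()
        if m:
            cur = {"name": m[1], "remote": m[3], "apps": {"l2tp"},
                   "lifetime": dict(DEFAULT_LIFETIME)}
            profiles.append(cur)
        elif cur and words and words[0] == "application":
            cur["apps"] = {w.lower() for w in words[1:]}
        elif cur and words and words[0] == "lifetime":
            for i, unit in enumerate(words):
                if unit in DEFAULT_LIFETIME:
                    cur["lifetime"][unit] = (int(words[i + 1]), int(words[i + 2]))
    return profiles

def wildcard_conflict(profile):
    """True when 0.0.0.0 is combined with GRE or DVMRP, which need a fixed address."""
    return profile["remote"] == "0.0.0.0" and bool(profile["apps"] & {"gre", "dvmrp"})

def accepts_offer(profile, seconds=None, kilobytes=None):
    """True when every lifetime value the client offers lies inside the range."""
    offer = {"seconds": seconds, "kilobytes": kilobytes}
    return all(lo <= offer[u] <= hi
               for u, (lo, hi) in profile["lifetime"].items() if offer[u] is not None)

if __name__ == "__main__":
    for p in parse_profiles(SAMPLE):
        print(p["name"], "wildcard conflict:", wildcard_conflict(p),
              "| accepts 28800 s:", accepts_offer(p, seconds=28800))
```

A profile that narrows the seconds range to 900–3600 rejects a client offering 28800 seconds, while a profile left at the defaults accepts it.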
Chapter 12: Securing L2TP and IP Tunnels with IPSec