Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 319

Copyright © 2010, Juniper Networks, Inc.

pre-share

Use to configure an unencrypted (red) preshared key to authenticate IKE negotiations that arrive from any remote IP address specified for this transport profile and that are destined for the local IP address. If the remote endpoint address is a wildcard address, this preshared key is a group preshared key.

CAUTION: Group preshared keys are not fully secure, and we do not recommend using them. They are provided for trials and testing purposes, where the missed security does not pose a risk to the provider.

To have preshared key authentication take place, you must also specify the IKE policy rule as preshared by entering authentication pre-share in ISAKMP Policy Configuration mode.

Example

host1(config-ipsec-transport-profile-local)#pre-share secretforL2tp

Use the no version to remove the key.

NOTE: After you enter a preshared key, the original (unencrypted) key cannot be retrieved. If you need to reenter the original key (for example, the system goes to factory default and you have only the show config output), you can:

1. Use the show config command to see the encrypted (masked) form of the key.
2. Use the pre-share-masked command to enter the masked key. The system will behave the same as when you entered the first pre-share key command.

See pre-share.

pre-share-masked

Use to specify an encrypted preshared key. To obtain this key, you enter an unencrypted key using the pre-share command. You then run the show config command, and the router displays the preshared key in encrypted form. You enter the encrypted key using the pre-share-masked command.

The router uses the preshared key to authenticate IKE negotiations that arrive from any remote IP address specified for this transport profile and that are destined for any local IP address specified for this transport profile. If the remote endpoint address is a wildcard address, this preshared key is a group preshared key.

CAUTION: Group preshared keys are not fully secure, and we do not recommend using them. They are provided for trials and testing purposes, where the missed security does not pose a risk to the provider.
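
Added example (not from the Juniper guide): a Python check that scans stored configuration text or provisioning scripts for the two risks described above, a key entered in unencrypted form with pre-share and a group preshared key on a wildcard remote endpoint. The `ipsec transport profile ... ip address` line format, the use of 0.0.0.0 as the wildcard address, the `audit` helper, and all sample text including the masked value are assumptions constructed for illustration.

```python
import re

# Assumed line formats (not shown on this page): a transport profile opens with
# "ipsec transport profile <name> ... ip address <remote>", and the wildcard
# remote endpoint is written 0.0.0.0.
PROFILE_RE = re.compile(r"^ipsec transport profile (\S+)\b.*?\bip address (\S+)")
KEY_RE = re.compile(r"^(pre-share-masked|pre-share)\s+(\S+)")
WILDCARD = "0.0.0.0"


def audit(config_text, wildcard=WILDCARD):
    """Return sorted (profile, finding) tuples for preshared-key risks."""
    findings = set()
    profile, remote = None, None
    for raw in config_text.splitlines():
        # Drop a CLI prompt such as "host1(config-...)#" if the text is a session log.
        line = re.sub(r"^\S+\([^)]*\)#\s*", "", raw.strip())
        if line.startswith("no "):
            continue  # the no version removes a key; nothing to flag
        m = PROFILE_RE.match(line)
        if m:
            profile, remote = m.groups()
            continue
        m = KEY_RE.match(line)
        if not m or profile is None:
            continue
        if m.group(1) == "pre-share":
            # The unencrypted (red) key is stored in this file in the clear.
            findings.add((profile, "cleartext-key-in-file"))
        if remote == wildcard:
            # Wildcard remote endpoint: every peer authenticates with this one key.
            findings.add((profile, "group-preshared-key"))
    return sorted(findings)


# Constructed sample: a logged provisioning session followed by a saved configuration.
SAMPLE = """\
host1(config)#ipsec transport profile labL2tp virtual-router default ip address 0.0.0.0
host1(config-ipsec-transport-profile)#local ip address 10.10.1.1
host1(config-ipsec-transport-profile-local)#pre-share secretforL2tp
ipsec transport profile branchL2tp virtual-router default ip address 192.0.2.7
 local ip address 10.10.1.1
  pre-share-masked EXAMPLEMASKEDVALUE
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A masked key on a wildcard profile is still reported as a group preshared key, because masking changes how the key is stored, not how many peers share it.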
Chapter 12: Securing L2TP and IP Tunnels with IPSec