[j-nsp] IP sec allowed "proxy list / access-list" in JunOS

Andrew Ramsey akramsey at juniper.net
Mon Mar 15 06:25:56 EST 2004


Hi,

Are you using the ES PIC or the ASP?  The configuration is different for
each.

For ES PIC:
http://www.juniper.net/techpubs/software/junos/junos62/swconfig62-servic
es/html/encryption-config7.html

For ASP:  The documentation for configuring this on the ASP is not so
good :-( .  Maybe an example would help, so I'll see what I can do.
What you're looking for is the configuration for an IPSec rule:
http://www.juniper.net/techpubs/software/junos/junos62/swconfig62-servic
es/html/ipsec-config43.html

Andy


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Bosco Sachanandani
> Sent: Sunday, March 14, 2004 11:00 PM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] IP sec allowed "proxy list / access-list" in JunOS
> 
> 
> hi,
> 
> I have setup an IPSec 3DES tunnel from an M20 to a 
> Netscreen500 which is working without any problems.
> 
> However, the current setup allows ANY to ANY traffic to pass 
> through the IPSec tunnel.
> 
> The netscreen has a "proxy-id" configuration where the 
> prefixes that are allowed to pass through the IPSec tunnel 
> can be specified.
> 
> Can someone direct me to a link where I can find the 
> procedure to do the same on the M20? I searched the Juniper 
> website but could not find anything for the M series routers.
> 
> Thank you
> 
> regards,
> Bosco
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
> 



More information about the juniper-nsp mailing list