[j-nsp] Anyone know how to run IPSec on an M40?
Thanh_Mai at 3com.com
Thanh_Mai at 3com.com
Fri Oct 1 17:31:09 EDT 2004
Many Thanks to Harry Reynolds and Daniel Verlouw for the assistance in
getting this to work:
LAN1(10.101.175.0/24)---Juniper----212.0.12.0/30----Cisco---LAN2(10.6.0.0/27)
/* LAN1-facing interface. Traffic entering here is classified by the
 * Encrypt-Policy filter, which decides what is handed to the IPsec SA
 * and what is forwarded as ordinary traffic. */
fe-3/1/0 {
unit 0 {
family inet {
filter {
/* Input direction only: the selection applies to packets arriving on
 * this unit. */
input Encrypt-Policy;
}
address 10.101.175.246/24;
}
}
}
/* WAN-facing T1 unit on the 212.0.12.0/30 link toward the Cisco peer.
 * Its address, 212.0.12.1, is the same address used as the tunnel source
 * on es-4/2/0. */
t1-4/0/0:11 {
unit 0 {
family inet {
address 212.0.12.1/30;
}
}
}
/* Encryption-services interface that terminates the IPsec tunnel. */
es-4/2/0 {
unit 0 {
tunnel {
/* Outer tunnel endpoints: local 212.0.12.1 (the t1-4/0/0:11 address) and
 * remote 212.0.12.2, which is also the name of the IKE policy under
 * security ike. */
source 212.0.12.1;
destination 212.0.12.2;
}
family inet {
/* Binds this unit to security-association Current. */
ipsec-sa Current;
filter {
/* Policy check on traffic received through the tunnel: Decrypt-Policy
 * matches on the inner LAN addresses, so only the expected
 * LAN2 -> LAN1 flows are accepted. */
input Decrypt-Policy;
}
}
}
}
/* IPsec and IKE parameters for the tunnel to 212.0.12.2.
 * NOTE(review): as configured, this tunnel authenticates packets but does
 * not encrypt them, and the IKE negotiation uses DES, DH group 1 and a
 * pre-shared key. See the per-statement notes before reusing this example. */
security {
ipsec {
proposal Current {
/* AH provides integrity and origin authentication only. The payload
 * crosses the 212.0.12.0/30 link in cleartext despite the filter being
 * named Encrypt-Policy. Confidentiality would need `protocol esp` with
 * an encryption-algorithm, agreed with the Cisco peer. */
protocol ah;
/* HMAC-MD5 truncated to 96 bits; hmac-sha1-96 is the stronger choice
 * offered by this statement. */
authentication-algorithm hmac-md5-96;
}
policy all {
/* Only the proposal is listed; no perfect-forward-secrecy statement is
 * present, so no PFS group is requested by this policy. */
proposals Current;
}
security-association Current {
mode tunnel;
/* Dynamic SA: keys are negotiated through IKE rather than configured
 * manually. */
dynamic {
ipsec-policy all;
}
}
}
ike {
proposal default {
/* Peer authentication rests entirely on the shared secret below. */
authentication-method pre-shared-keys;
/* group1 is the 768-bit MODP group; group2 (1024-bit) is the larger
 * group if the peer supports it. */
dh-group group1;
authentication-algorithm sha1;
/* Single DES (56-bit key) protects the IKE exchange; prefer 3des-cbc
 * where both ends support it. */
encryption-algorithm des-cbc;
/* IKE SA lifetime of 24 hours. */
lifetime-seconds 86400;
}
/* The policy name is the peer address and matches the tunnel destination
 * on es-4/2/0. */
policy 212.0.12.2 {
proposals default;
/* The $9$ form is Junos's reversible obfuscation, not a one-way hash.
 * A key shown in a shared or public configuration should be treated as
 * disclosed and replaced on both peers; use a placeholder when posting. */
pre-shared-key ascii-text "$9$wosaUq.5F6AfT";
}
}
}
/* Traffic selectors for the tunnel: Encrypt-Policy picks what goes into
 * the SA on the LAN side, Decrypt-Policy restricts what is accepted from
 * the tunnel on es-4/2/0. */
firewall {
filter Encrypt-Policy {
/* LAN1 -> LAN2 traffic is handed to security-association Current.
 * NOTE(review): the topology line gives LAN2 as 10.6.0.0/27, but the
 * match here is 10.6.0.0/24. Confirm the wider prefix is intended and
 * agrees with the traffic selector on the Cisco peer. */
term Direct {
from {
source-address {
10.101.175.0/24;
}
destination-address {
10.6.0.0/24;
}
}
then ipsec-sa Current;
}
/* Everything that did not match term Direct is forwarded normally,
 * outside the tunnel and without IPsec protection. */
term Default {
then accept;
}
}
filter Decrypt-Policy {
/* Mirror of Encrypt-Policy's selector: only LAN2 -> LAN1 inner addresses
 * are accepted. There is no further term, so the filter's implicit
 * default discard drops any other packet. The same /24 versus /27
 * question applies to the source prefix here. */
term Direct {
from {
source-address {
10.6.0.0/24;
}
destination-address {
10.101.175.0/24;
}
}
then accept;
}
}
}