[j-nsp] Anyone know how to run IPSec on an M40?
Thanh_Mai at 3com.com
Thanh_Mai at 3com.com
Tue Sep 28 12:59:03 EDT 2004
I get the correct inbound/outbound SPIs on both routers, but no traffic can
pass through the IPSec tunnel. What am I missing? Any suggestions on what I
can do to debug this? I'm a Juniper novice.
Thanks.
10.101.175.0/24----JuniperM40-----212.0.12.0/30-------Cisco--10.6.0.0/24
/* Point-to-point T1 link toward the Cisco peer: local 212.0.12.1/30, remote 212.0.12.2.
   The same two addresses are used as the tunnel source and destination on es-4/2/0. */
t1-4/0/0:11 {
unit 0 {
family inet {
address 212.0.12.1/30 {
destination 212.0.12.2;
}
}
}
}
/* ES PIC logical interface that terminates the IPsec tunnel. */
es-4/2/0 {
unit 0 {
/* Outer tunnel endpoints: the local and remote addresses of the T1 link. */
tunnel {
source 212.0.12.1;
destination 212.0.12.2;
}
family inet {
/* Decrypt-Policy is evaluated on packets arriving on this interface,
   i.e. traffic that has come out of the tunnel. */
filter {
input Decrypt-Policy;
}
/* Binds this unit to the dynamic (IKE-negotiated) SA named Current
   defined under [security ipsec]. */
ipsec-sa Current;
}
}
}
/* Interface facing 10.101.175.0/24; Encrypt-Policy on its input side is the
   only thing in this configuration that steers traffic into the SA. */
/* NOTE(review): on M-series routers fxp0 is the Routing Engine's out-of-band
   management Ethernet and is not expected to forward transit traffic to or
   from PIC interfaces. If the 10.101.175.0/24 hosts reach the router only
   through fxp0, their packets would never be handed to es-4/2/0, which would
   fit the symptom (SAs established, no traffic) - confirm. It would also put
   the management port on the protected LAN; a PIC interface is the usual
   place for the protected subnet and this filter. */
fxp0 {
unit 0 {
family inet {
filter {
input Encrypt-Policy;
}
address 10.101.175.246/24;
}
}
}
/* IPsec (phase 2) and IKE (phase 1) parameters for the tunnel to 212.0.12.2. */
security {
ipsec {
/* AH with HMAC-MD5-96: packets are authenticated only. No ESP or encryption
   algorithm is configured, so traffic matched by the filters named
   Encrypt-Policy/Decrypt-Policy is integrity-protected but sent in clear. */
proposal Current {
protocol ah;
authentication-algorithm hmac-md5-96;
}
policy all {
proposals Current;
}
/* Tunnel-mode SA negotiated dynamically through IKE using policy "all". */
security-association Current {
mode tunnel;
dynamic {
ipsec-policy all;
}
}
}
ike {
/* NOTE(review): DH group1 and DES-CBC are the weakest options this stanza
   could select; both ends should agree on a stronger group and cipher if
   the hardware and the Cisco peer support them - confirm what is available. */
proposal default {
authentication-method pre-shared-keys;
dh-group group1;
authentication-algorithm sha1;
encryption-algorithm des-cbc;
/* 86400 seconds = 24 hours. */
lifetime-seconds 86400;
}
/* The IKE policy is named after the peer address it applies to. */
policy 212.0.12.2 {
proposals default;
/* The $9$ form is Junos's reversible obfuscation, not a one-way hash.
   A key published in this form should be treated as disclosed and replaced
   on both peers; redact it before sharing a configuration. */
pre-shared-key ascii-text "$9$wosaUq.5F6AfT";
}
}
}
/* Traffic selectors for the tunnel. Decrypt-Policy is the input filter on
   es-4/2/0; Encrypt-Policy is the input filter on fxp0. */
firewall {
filter Decrypt-Policy {
/* Matches tunnel traffic from the remote LAN (10.6.0.0/24) to the local LAN
   (10.101.175.0/24). */
term Direct {
from {
source-address {
10.6.0.0/24;
}
destination-address {
10.101.175.0/24;
}
}
/* NOTE(review): this filter runs on packets that have already left the
   tunnel, so a policy-check term here would normally accept them; sending
   them to ipsec-sa again looks unintended - confirm against the ES PIC
   documentation. */
then ipsec-sa Current;
}
/* Accepts everything else arriving from the tunnel, including inner
   addresses outside the expected 10.6.0.0/24 -> 10.101.175.0/24 pair;
   a discard (with a counter or log) would enforce the selector. */
term default {
then accept;
}
}
filter Encrypt-Policy {
/* Matches local-LAN traffic bound for the remote LAN and hands it to SA Current. */
term Direct {
from {
source-address {
10.101.175.0/24;
}
destination-address {
10.6.0.0/24;
}
}
then ipsec-sa Current;
}
/* All other traffic is forwarded normally, outside the tunnel. */
term default {
then accept;
}
}
}