
JUNOS Cookbook by Aviva Garrett


3.1. Configuring IPSec

Problem

You need a secure method of sending information between sites.

Solution

Start by defining the IPSec SA between your two intranet sites. On each security router, define identical SAs:

	[edit security ipsec]
	aviva@router1# edit security-association site1-site2
	[edit security ipsec security-association site1-site2]
	aviva@router1# set description "SA from site1 to site2"
	aviva@router1# set mode tunnel
	aviva@router1# set manual direction bidirectional protocol bundle
	aviva@router1# set manual direction bidirectional spi 400
	aviva@router1# set manual direction bidirectional auxiliary-spi 400
	aviva@router1# set manual direction bidirectional authentication algorithm hmac-sha1-96
	aviva@router1# set manual direction bidirectional authentication key ascii-text $1991poPPi
	aviva@router1# set manual direction bidirectional encryption algorithm des-cbc
	aviva@router1# set manual direction bidirectional encryption key ascii-text $1991poPPi

Configure a firewall filter that accepts all traffic returning from the remote site:

	[edit firewall filter traffic-out-of-ipsec-tunnel]
	aviva@router1# set term out-of-ipsec-tunnel from source-address 10.0.97.0/24
	aviva@router1# set term out-of-ipsec-tunnel from destination-address 10.0.12.0/24
	aviva@router1# set term out-of-ipsec-tunnel then accept

Finally, apply the second filter on the ES interface that goes from the local security gateway to the remote security gateway:

	[edit interfaces es-3/0/0]
	aviva@router1# set unit 0 tunnel source ...
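Because a manual SA only works when both gateways carry byte-for-byte identical settings, a quick consistency check before committing is worth having. The following Python script is an added example, not code from the book or from Juniper: it parses the `set` statements of the SA and of the firewall filter term shown above, reports any field that differs between the two routers, flags settings a reviewer would want to revisit (the 56-bit `des-cbc` cipher, and the same ASCII key being reused for both authentication and encryption), and evaluates the filter term against sample addresses. The second router's SA is a constructed copy with one deliberate SPI mismatch so the comparison has something to report; the names `parse_set_lines`, `compare_sas`, `audit_sa` and `filter_action` are this example's own.

```python
import ipaddress
import shlex
from typing import Dict, List, Optional, Tuple

# Constructed sample: the SA statements from the recipe as entered under
# [edit security ipsec security-association site1-site2] on router1.
ROUTER1_SA = """
set description "SA from site1 to site2"
set mode tunnel
set manual direction bidirectional protocol bundle
set manual direction bidirectional spi 400
set manual direction bidirectional auxiliary-spi 400
set manual direction bidirectional authentication algorithm hmac-sha1-96
set manual direction bidirectional authentication key ascii-text $1991poPPi
set manual direction bidirectional encryption algorithm des-cbc
set manual direction bidirectional encryption key ascii-text $1991poPPi
"""

# Constructed: router2's copy with a deliberately mistyped SPI (401 instead
# of 400) so the consistency check below has a real mismatch to find.
ROUTER2_SA = ROUTER1_SA.replace(" spi 400", " spi 401", 1)

# Constructed: the firewall filter term from the recipe.
FILTER_TERM = """
set term out-of-ipsec-tunnel from source-address 10.0.97.0/24
set term out-of-ipsec-tunnel from destination-address 10.0.12.0/24
set term out-of-ipsec-tunnel then accept
"""

# Ciphers a reviewer should question in a new SA (56-bit DES is the only
# one used on this page; the set is an assumption of this example).
WEAK_ENCRYPTION = {"des-cbc"}


def parse_set_lines(text: str) -> Dict[str, str]:
    """Turn each `set <path...> <value>` line into {"<path...>": "<value>"}.

    shlex keeps the quoted description as a single value; for every other
    statement the last token is the value and the rest is the path.
    """
    config: Dict[str, str] = {}
    for raw in text.strip().splitlines():
        tokens = shlex.split(raw)
        if len(tokens) < 3 or tokens[0] != "set":
            continue
        config[" ".join(tokens[1:-1])] = tokens[-1]
    return config


def compare_sas(a: Dict[str, str], b: Dict[str, str]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """List every path whose value differs between the two gateways."""
    return [(path, a.get(path), b.get(path))
            for path in sorted(set(a) | set(b)) if a.get(path) != b.get(path)]


def audit_sa(sa: Dict[str, str]) -> List[str]:
    """Return human-readable findings about questionable SA settings."""
    prefix = "manual direction bidirectional "
    findings = []
    cipher = sa.get(prefix + "encryption algorithm")
    if cipher in WEAK_ENCRYPTION:
        findings.append(f"encryption algorithm {cipher} is weak")
    if sa.get(prefix + "authentication key ascii-text") == sa.get(prefix + "encryption key ascii-text"):
        findings.append("same key used for authentication and encryption")
    if sa.get("mode") != "tunnel":
        findings.append("mode is not tunnel")
    return findings


def parse_filter_term(text: str, name: str) -> dict:
    """Extract the match prefixes and action of one filter term."""
    cfg = parse_set_lines(text)
    p = f"term {name} "
    return {
        "source": ipaddress.ip_network(cfg[p + "from source-address"]),
        "destination": ipaddress.ip_network(cfg[p + "from destination-address"]),
        "action": cfg[p + "then"],
    }


def filter_action(term: dict, src: str, dst: str) -> str:
    """Apply the term: both `from` conditions must match for `then` to fire.

    A packet that matches no term falls through to the implicit discard at
    the end of every Junos firewall filter.
    """
    if ipaddress.ip_address(src) in term["source"] and ipaddress.ip_address(dst) in term["destination"]:
        return term["action"]
    return "discard"


if __name__ == "__main__":
    r1, r2 = parse_set_lines(ROUTER1_SA), parse_set_lines(ROUTER2_SA)
    for path, v1, v2 in compare_sas(r1, r2):
        print(f"MISMATCH {path}: router1={v1} router2={v2}")
    for finding in audit_sa(r1):
        print(f"REVIEW   {finding}")
    term = parse_filter_term(FILTER_TERM, "out-of-ipsec-tunnel")
    print("10.0.97.5 -> 10.0.12.9:", filter_action(term, "10.0.97.5", "10.0.12.9"))
    print("10.0.97.5 -> 10.0.13.9:", filter_action(term, "10.0.97.5", "10.0.13.9"))
```

Run it against the two routers' actual `show configuration security ipsec | display set` output to get the same comparison on live configurations; any line printed as MISMATCH is a field that will make the tunnel fail silently once the ES interfaces come up.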
