
ScreenOS Cookbook by Sunil Wadhwa, Joe Kelly, Ken Draper, David Delcourt, Vik Davar, Stefan Brunner


21.5. Terminate IPSec Tunnels in the VSYS

Problem

You want to terminate IP Security (IPSec) VPN tunnels within a selected VSYS while using a shared zone in the root system for connection to the Internet Key Exchange (IKE) peer.

Solution

Create a VSYS and use the shared untrust interface/zone in the root system for connectivity to the remote IKE peer.

The root system configuration is:

	ns5400-> set hostname root
	root-> set interface e2/1 zone untrust
	root-> set interface e2/1 ip 10.54.0.3/24
	root-> set route 0.0.0.0/0 interface e2/1 gateway 10.54.0.254
	root-> set dns host dns1 10.10.10.30
	root-> set clock ntp
	root-> set ntp server your.choice.com

Then, create a VSYS:

	root-> set vsys cust1
	root(cust1)-> set admin name cust1admin
	<system message-Change Password>
	root(cust1)-> set admin password juniper8

Create the zones and interfaces:

	root(cust1)-> set interface e2/4.8 tag 18 zone trust-cust1
	root(cust1)-> set interface e2/4.8 ip 10.54.8.254/24
	root(cust1)-> set zone name vpn
	root(cust1)-> set interface loopback.8 zone vpn
	root(cust1)-> set interface loopback.8 ip 10.54.81.1/29
	root(cust1)-> set interface loopback.8 manage ping

Set the routes:

	root(cust1)-> set vr trust route 10.54.8.0/24 vr cust1-vr
	root(cust1)-> set vr trust route 10.54.81.0/29 vr cust1-vr
	root(cust1)-> set route 0.0.0.0/0 vr trust-vr

Then, set policies for VPN establishment:

	root(cust1)-> set policy from untrust to vpn gt-1 any any permit
	root(cust1)-> set policy from vpn to untrust any gt-1 any permit

Set the VPN configuration ...
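As an added illustration (not from the book and not ScreenOS code), the following Python models the virtual-router lookups that the route steps above rely on: a packet arriving on the shared root untrust interface for the VSYS loopback must be handed from trust-vr to cust1-vr, and the VSYS needs its default route back into trust-vr to reach the IKE peer. The VR names, the rule that commands after `set vsys` land in the VSYS VR, and the connected-route semantics are assumptions of this model.

```python
import ipaddress

# Added model of ScreenOS virtual-router lookups, built from the recipe's CLI
# lines (constructed input, not ScreenOS code). Assumptions: root commands go
# to trust-vr, commands after "set vsys X" go to X-vr, "set vr trust" means
# trust-vr, and an interface "ip" creates a connected route in its VR.
CONFIG = """\
set interface e2/1 ip 10.54.0.3/24
set route 0.0.0.0/0 interface e2/1 gateway 10.54.0.254
set vsys cust1
set interface e2/4.8 ip 10.54.8.254/24
set interface loopback.8 ip 10.54.81.1/29
set vr trust route 10.54.8.0/24 vr cust1-vr
set vr trust route 10.54.81.0/29 vr cust1-vr
set route 0.0.0.0/0 vr trust-vr
"""

def parse(config):
    """Return {vr: [(network, target)]}; target is ('vr', name),
    ('connected', ifname) or ('gateway', ifname, next_hop)."""
    tables, vr = {}, "trust-vr"
    for line in config.splitlines():
        t = line.split()
        if t[1] == "vsys":                      # enter VSYS context
            vr = t[2] + "-vr"
        elif t[1] == "interface" and t[3] == "ip":
            net = ipaddress.ip_network(t[4], strict=False)
            tables.setdefault(vr, []).append((net, ("connected", t[2])))
        elif t[1] == "vr":                      # explicit VR, inter-VR route
            tables.setdefault(t[2] + "-vr", []).append(
                (ipaddress.ip_network(t[4]), ("vr", t[6])))
        elif t[1] == "route":
            target = ("vr", t[4]) if t[3] == "vr" else ("gateway", t[4], t[6])
            tables.setdefault(vr, []).append((ipaddress.ip_network(t[2]), target))
    return tables

def lookup(tables, vr, dst, hops=()):
    """Longest-prefix match in vr, following inter-VR routes.
    Returns (vrs_visited, target); target is None if dst is unroutable."""
    hops, addr = hops + (vr,), ipaddress.ip_address(dst)
    hits = [(n, tg) for n, tg in tables.get(vr, []) if addr in n]
    if not hits:
        return hops, None
    net, target = max(hits, key=lambda h: h[0].prefixlen)
    if target[0] == "vr" and target[1] not in hops:   # hop to the other VR
        return lookup(tables, target[1], dst, hops)
    return hops, target
```

Running `lookup(parse(CONFIG), "trust-vr", "10.54.81.1")` shows the hand-off from trust-vr to cust1-vr ending on loopback.8, while a lookup from cust1-vr for an outside address (192.0.2.10 is a placeholder peer) follows the default route back through trust-vr to the e2/1 gateway.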
