User manual JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES CONFIGURATION
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... DON'T FORGET : ALWAYS READ THE USER GUIDE BEFORE BUYING !!!
If this document matches the user guide, instructions manual or user manual, feature sets, schematics you are looking for, download it now. Lastmanuals provides you a fast and easy access to the user manual JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES. We hope that this JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES user guide will be useful to you.
Lastmanuals help download the user guide JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES.
Manual abstract: user guide JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICESCONFIGURATION
Detailed instructions for use are in the User's Guide.
[. . . ] JUNOSeTM Software for E SeriesTM Broadband Services Routers
IP Services Configuration Guide
Release 11. 1. x
Juniper Networks, Inc.
1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
www. juniper. net
Published: 2010-04-04
Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. [. . . ] See interface tunnel.
tunnel destination
Use to set the address or identity of the remote tunnel endpoint.
For signaled IPSec tunnels in cable or DSL environments, use the FQDN to identify the remote tunnel endpoint, which does not have a fixed IP address. The identity string can include an optional user@ specification preceding the FQDN.
Example 1
host1(config-if)#tunnel destination 10. 10. 11. 12
Example 2
host1(config-if)#tunnel destination identity branch245. customer77. isp. net
150
Configuration Tasks
Chapter 5: Configuring IPSec
Example 3
host1(config-if)#tunnel destination identity user4919@branch245. customer77. isp. net
Use the no version to remove the address. See tunnel destination.
tunnel lifetime
Use to set the renegotiation time of the SAs in use by this tunnel. To configure the lifetime in number of seconds, use the seconds keyword to specify the lifetime in the range 1800864000. The default value is 28800 seconds. To configure the lifetime in amount of traffic, use the kilobytes keyword to specify the lifetime in the range 1024004294967295. If you include the seconds keyword as the first keyword on the command line, you can also include the kilobytes keyword on the same line. Before either the volume of traffic or number of seconds limit is reached, the SA is renegotiated, which ensures that the tunnel does not go down during renegotiation. Example
host1(config-if)#tunnel lifetime seconds 48000 kilobytes 249000
Use the no version to restore the default lifetime (28800 seconds) and an unlimited volume. See tunnel lifetime.
tunnel local-identity
Use to configure the local identity (selector) of the tunnel. Specify the identity using one of the following keywords:
address--Specifies an IP address as the local identity subnet--Specifies a subnet as the local identity range--Specifies a range of IP addresses as the local identity
Example 1
host1(config-if)#tunnel local-identity range 10. 10. 1. 1 10. 10. 2. 1
Example 2
host1(config-if)#tunnel local-identity subnet 10. 10. 1. 1 255. 255. 255. 0
Use the no version to restore the default identity, which is subnet 0. 0. 0. 0 0. 0. 0. 0 See tunnel local-identity.
Configuration Tasks
151
JUNOSe 11. 1. x IP Services Configuration Guide
tunnel mtu
Use to set the MTU size for the tunnel. Example
host1(config-if)#tunnel mtu 2240
Use the no version to restore the default MTU (1440). See tunnel mtu.
tunnel peer-identity
Use to configure the peer identity (selector) that ISAKMP uses. Specify the identity using one of the following keywords:
address--Specifies an IP address as the peer identity subnet--Specifies a subnet as the peer identity range--Specifies a range of IP addresses as the peer identity
Example 1
host1(config-if)#tunnel peer-identity range 10. 10. 1. 1 10. 10. 2. 2
Example 2
host1(config-if)#tunnel peer-identity subnet 130. 10. 1. 1 255. 255. 255. 0
Use the no version to remove the peer identity. See tunnel peer-identity.
tunnel pfs group
Use to configure perfect forward secrecy (PFS) on this tunnel. Assign a Diffie-Hellman prime modulus group using one of the following keywords:
1--768-bit group 2--1024-bit group 5--1536-bit group
Example
host1(config-if)#tunnel pfs group 5
Use the no version to remove PFS from this tunnel. See tunnel pfs group.
tunnel session-key-inbound
152
Configuration Tasks
Chapter 5: Configuring IPSec
Use to manually configure the authentication or encryption algorithm sets and session keys for inbound SAs on a tunnel. You can enter this command only on tunnels that have tunnel signaling set to manual. Use the online Help to see a list of available algorithm sets. Each key is an arbitrary hexadecimal string. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters 3DES, create a 24-byte key using 48 hexadecimal characters MD5, create a 16-byte key using 32 hexadecimal characters SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-inbound esp-des-hmac-md5 a7bd567917bd5679 bd5678a7bd567917bd567917bd567678
Use the no version to remove inbound session keys from a tunnel. See tunnel session-key-inbound.
tunnel session-key-outbound
Use to manually configure the authentication or encryption algorithm sets, SPI, and session keys for outbound SAs on a tunnel. You can enter this command only on tunnels that have tunnel signaling set to manual. [. . . ] Example
host1(config)#license mobile-ip home-agent demo
Use the no version to delete the license key configuration. See license mobile-ip home-agent.
Monitoring the Mobile IP Home Agent
Use the commands described in this section to set a statistics baseline, remove the binding table, and verify the configuration of the Mobile IP home agent on a virtual router. baseline ip mobile home-agent
Use to set a statistics baseline for a specified Mobile IP home agent. Example
host1#baseline ip mobile home-agent
There is no no version. [. . . ]
DISCLAIMER TO DOWNLOAD THE USER GUIDE JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES
Lastmanuals offers a socially driven service of sharing, storing and searching manuals related to use of hardware and software : user guide, owner's manual, quick start guide, technical datasheets... In any way can't Lastmanuals be held responsible if the document you are looking for is not available, incomplete, in a different language than yours, or if the model or language do not match the description. Lastmanuals, for instance, does not offer a translation service.
Click on "Download the user manual" at the end of this Contract if you accept its terms, the downloading of the manual JUNIPER NETWORKS JUNOSE 11.1.X IP SERVICES will begin.