User manual JUNIPER NETWORKS JUNOSE 11.2.X IP SERVICES CONFIGURATION
Manual abstract: user guide JUNIPER NETWORKS JUNOSE 11.2.X IP SERVICES CONFIGURATION
[. . . ] JunosE™ Software for E Series™ Broadband Services Routers
IP Services Configuration Guide
Release 11.2.x
Published: 2010-06-29 Copyright © 2010, Juniper Networks, Inc.
Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. [. . . ]
The agreed-on IKE SA between the local system and a remote security gateway may vary, because it depends on the IKE policies used by each remote peer. However, the initial set of IKE policies the router uses is always the same and independent of which peer the router is negotiating with. During negotiation, the router might skip IKE policies that require parameters that are not configured for the remote security gateway with which the IKE SA is being negotiated.
You can define up to ten IKE policies, with each policy having a different combination of security parameters. A default IKE policy that contains default values for every policy parameter is available. This policy is used only when IKE policies are not configured and IKE is required. The following sections describe each of the parameters contained in an IKE policy.
Priority
Priority allows better (more secure) policies to be given preference during the negotiation process. However, every IKE policy is considered secure enough to secure the IKE SA flow. During IKE negotiation, all policies are scanned, one at a time, starting from the highest-priority policy and ending with the lowest-priority policy. The first policy that the peer security gateway accepts is used for that IKE session. This procedure is repeated for every IKE session that needs to be established.
Encryption
A specific encryption transform can be applied to an IKE policy. The supported encryption algorithms are:
· DES
· 3DES
Hash Function
A specific hash function can be applied to an IKE policy. The supported ones are:
· MD5
· SHA-1
IKE also uses an authentication algorithm during IKE exchanges. This authentication algorithm is automatically set to the HMAC version of the specified hash algorithm. Therefore, you cannot have the hash function set to MD5 and the authentication algorithm set to HMAC-SHA.
Authentication Mode
As part of the IKE protocol, one security gateway needs to authenticate the other security gateway to make sure that the IKE SA is established with the intended party. The ERX router supports two authentication methods:
· Digital certificates (using RSA algorithms)
Chapter 5: Configuring IPSec
For digital certificate authentication, an initiator signs message interchange data using its private key, and a responder uses the initiator's public key to verify the signature. Typically, the public key is exchanged via messages containing an X.509v3 certificate. This certificate provides a level of assurance that a peer's identity (as represented in the certificate) is associated with a particular public key. For more information, see "Configuring Digital Certificates" on page 205.
· Preshared keys
With preshared key authentication mode, the same secret string (similar to a password) must be configured on both security gateways before the gateways can authenticate each other. It is not advisable to share a preshared key among multiple pairs of security gateways, because it reduces the key's security level. The router allows preshared keys to be up to 256 ASCII alphanumeric characters.
Diffie-Hellman Group
An IKE policy must specify which Diffie-Hellman group is used during the symmetrical key generation phase of IKE. The following Diffie-Hellman groups are supported:
· Group 1 (768-bit)
· Group 2 (1024-bit)
· Group 5 (1536-bit)
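The priority scan described under Priority, together with the skip rule and the hash-to-HMAC coupling, modelled in Python as an added example (not code from the Juniper guide). The integer priority ordering (smaller number scanned first), the auth-mode labels, and the sample policies and peers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class IkePolicy:
    priority: int    # assumption: smaller number = higher priority
    encryption: str  # "DES" or "3DES"
    hash_fn: str     # "MD5" or "SHA-1"
    auth_mode: str   # "rsa-sig" or "pre-share" (labels made up for this example)
    dh_group: int    # 1, 2 or 5

    @property
    def auth_algorithm(self):
        # The exchange authentication algorithm is always the HMAC form of the hash.
        return "HMAC-" + self.hash_fn

    def proposal(self):
        return (self.encryption, self.hash_fn, self.auth_mode, self.dh_group)


def negotiate(policies, configured_auth, peer_accepts):
    """Return the first policy the peer accepts, scanning by priority.

    configured_auth: auth modes set up locally for this peer; policies that
    need any other mode are skipped. peer_accepts: proposals the peer allows.
    """
    if len(policies) > 10:
        raise ValueError("at most ten IKE policies can be defined")
    for policy in sorted(policies, key=lambda p: p.priority):
        if policy.auth_mode not in configured_auth:
            continue  # required parameter not configured for this peer
        if policy.proposal() in peer_accepts:
            return policy  # first accepted policy is used for the session
    return None  # no common policy: the IKE SA cannot be established


# Constructed sample policy set and peers (not from the guide).
POLICIES = [
    IkePolicy(1, "3DES", "SHA-1", "rsa-sig", 5),
    IkePolicy(2, "3DES", "SHA-1", "pre-share", 5),
    IkePolicy(3, "DES", "MD5", "pre-share", 1),
]
PEER_A = {("3DES", "SHA-1", "rsa-sig", 5), ("3DES", "SHA-1", "pre-share", 5)}
PEER_B = {("DES", "MD5", "pre-share", 1)}
```

In this model a peer that accepts only the priority-3 proposal still gets a session on it, so the weakest policy defined bounds what any IKE SA can end up using.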
Lifetime
Like a user SA, an IKE SA does not last indefinitely. [. . . ]
· See ip mobile secure host.
license mobile-ip home-agent
· Use to configure the license key to enable a home agent.
· Specify a name for the license key; up to a maximum of 16 alphanumeric characters.
Chapter 13: Configuring the Mobile IP Home Agent
· Example
host1(config)#license mobile-ip home-agent demo
· Use the no version to delete the license key configuration.
· See license mobile-ip home-agent.
Monitoring the Mobile IP Home Agent
Use the commands described in this section to set a statistics baseline, remove the binding table, and verify the configuration of the Mobile IP home agent on a virtual router.
baseline ip mobile home-agent
· Use to set a statistics baseline for a specified Mobile IP home agent. [. . . ]