User manual JUNIPER NETWORKS IP SERVICES CONFIGURATION GUIDE V 11.1.X
[. . . ] JUNOSe™ Software for E Series™ Broadband Services Routers
IP Services Configuration Guide
Release 11.1.x
Juniper Networks, Inc.
1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000
www.juniper.net
Published: 2010-04-04
Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
[. . . ]
To configure the lifetime in amount of traffic, use the kilobytes keyword to specify the lifetime in the range 102400-4294967295. If you include the seconds keyword as the first keyword on the command line, you can also include the kilobytes keyword on the same line. Before either the volume of traffic or number of seconds limit is reached, the SA is renegotiated, which ensures that the tunnel does not go down during renegotiation.
Example
host1(config-if)#tunnel lifetime seconds 48000 kilobytes 249000
Use the no version to restore the default lifetime (28800 seconds) and an unlimited volume. See tunnel lifetime.
tunnel local-identity
Use to configure the local identity (selector) of the tunnel. Specify the identity using one of the following keywords:
address--Specifies an IP address as the local identity
subnet--Specifies a subnet as the local identity
range--Specifies a range of IP addresses as the local identity
Example 1
host1(config-if)#tunnel local-identity range 10.10.1.1 10.10.2.1
Example 2
host1(config-if)#tunnel local-identity subnet 10.10.1.1 255.255.255.0
Use the no version to restore the default identity, which is subnet 0.0.0.0 0.0.0.0. See tunnel local-identity.
Configuration Tasks
tunnel mtu
Use to set the MTU size for the tunnel.
Example
host1(config-if)#tunnel mtu 2240
Use the no version to restore the default MTU (1440). See tunnel mtu.
tunnel peer-identity
Use to configure the peer identity (selector) that ISAKMP uses. Specify the identity using one of the following keywords:
address--Specifies an IP address as the peer identity
subnet--Specifies a subnet as the peer identity
range--Specifies a range of IP addresses as the peer identity
Example 1
host1(config-if)#tunnel peer-identity range 10.10.1.1 10.10.2.2
Example 2
host1(config-if)#tunnel peer-identity subnet 130.10.1.1 255.255.255.0
Use the no version to remove the peer identity. See tunnel peer-identity.
tunnel pfs group
Use to configure perfect forward secrecy (PFS) on this tunnel. Assign a Diffie-Hellman prime modulus group using one of the following keywords:
1--768-bit group
2--1024-bit group
5--1536-bit group
Example
host1(config-if)#tunnel pfs group 5
Use the no version to remove PFS from this tunnel. See tunnel pfs group.
tunnel session-key-inbound
Chapter 5: Configuring IPSec
Use to manually configure the authentication or encryption algorithm sets and session keys for inbound SAs on a tunnel. You can enter this command only on tunnels that have tunnel signaling set to manual. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters
3DES, create a 24-byte key using 48 hexadecimal characters
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-inbound esp-des-hmac-md5 a7bd567917bd5679 bd5678a7bd567917bd567917bd567678
Use the no version to remove inbound session keys from a tunnel. See tunnel session-key-inbound.
tunnel session-key-outbound
Use to manually configure the authentication or encryption algorithm sets, SPI, and session keys for outbound SAs on a tunnel. You can enter this command only on tunnels that have tunnel signaling set to manual. The SPI is a number in the range 256-4294967295 that identifies an SA. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters
3DES, create a 24-byte key using 48 hexadecimal characters
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421 567917bd567917bd567917bd545a17bd567917bd56784a7b fda183bef567917bd567917bd567917b
Use the no version to remove outbound session keys from a tunnel. See tunnel session-key-outbound.
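An added example, not part of the Juniper guide: a Python check that applies the key-length rules given under tunnel session-key-inbound and tunnel session-key-outbound, and the outbound SPI range, to one configuration line. The function name check_session_key is hypothetical, and the code assumes one key per algorithm named in the set, in the order the guide's two examples use.

```python
import re

# Hex-character key lengths the guide lists for each algorithm in a set.
HEX_LEN = {"des": 16, "3des": 48, "md5": 32, "sha": 40}
SPI_MIN, SPI_MAX = 256, 4294967295  # outbound SPI range from the guide

def check_session_key(line):
    """Return a list of problems in one 'tunnel session-key-*' command."""
    words = line.split("#", 1)[-1].split()  # drop a CLI prompt if present
    if (words[:1] != ["tunnel"] or len(words) < 3
            or words[1] not in ("session-key-inbound", "session-key-outbound")):
        return ["not a tunnel session-key command"]
    direction, algset, args = words[1], words[2], words[3:]
    problems = []
    if direction == "session-key-outbound":  # outbound form carries an SPI
        spi, args = (args[0] if args else ""), args[1:]
        is_number = spi.isascii() and spi.isdigit()
        if not is_number or not SPI_MIN <= int(spi) <= SPI_MAX:
            problems.append(f"SPI {spi!r} outside {SPI_MIN}-{SPI_MAX}")
    # Assumption: one key per algorithm named in the set, in the same order.
    algs = [t for t in algset.lower().split("-") if t in HEX_LEN]
    if len(args) != len(algs):
        problems.append(f"{algset} needs {len(algs)} key(s), got {len(args)}")
    for alg, key in zip(algs, args):
        if not re.fullmatch(r"[0-9a-fA-F]+", key):
            problems.append(f"{alg} key is not hexadecimal")
        elif len(key) != HEX_LEN[alg]:
            problems.append(
                f"{alg} key has {len(key)} hex chars, expected {HEX_LEN[alg]}")
    return problems

# First two lines are the guide's own examples; the third is constructed
# with an SPI below 256 and a DES-length key where 3DES needs 48 characters.
SAMPLES = [
    "host1(config-if)#tunnel session-key-inbound esp-des-hmac-md5 "
    "a7bd567917bd5679 bd5678a7bd567917bd567917bd567678",
    "host1(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421 "
    "567917bd567917bd567917bd545a17bd567917bd56784a7b "
    "fda183bef567917bd567917bd567917b",
    "host1(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 42 "
    "a7bd567917bd5679 fda183bef567917bd567917bd567917b",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_session_key(sample) or "ok")
```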
tunnel signaling
Use to set the tunnel type to signaled (ISAKMP) or manual. Specify a keyword:
isakmp--Specifies to use ISAKMP/IKE to negotiate SAs and to establish keys
manual--Specifies that security parameters and keys are configured manually
Example
host1(config-if)#tunnel signaling manual
Use the no version to restore the default value, isakmp. See tunnel signaling.
tunnel source
Use to specify an existing interface address that serves as the tunnel's source address. For signaled IPSec tunnels in cable or DSL environments, you can optionally use an FQDN to identify the tunnel endpoint.
[. . . ]
Example
host1(config)#license mobile-ip home-agent demo
Use the no version to delete the license key configuration. See license mobile-ip home-agent.
Monitoring the Mobile IP Home Agent
Use the commands described in this section to set a statistics baseline, remove the binding table, and verify the configuration of the Mobile IP home agent on a virtual router.
baseline ip mobile home-agent
Use to set a statistics baseline for a specified Mobile IP home agent.
Example
host1#baseline ip mobile home-agent
There is no no version. [. . . ]