host1(config)#
virtual-router westford
host1:westford(config)#
2.
Enable NAT-T for the current virtual router.
host1:westford(config)#
ipsec option nat-t
ipsec option nat-t
■
Use to enable NAT-T for the current virtual router.
■
With NAT-T enabled, IPSec traffic flows transparently through a NAT device,
thereby allowing one or more remote hosts located behind the NAT device to
use secure L2TP/IPSec tunnel connections to access the router.
■
The
ipsec option nat-t
command affects only those IKE SAs negotiated on this
virtual router after the command is issued; it has no effect on previously
negotiated IKE SAs.
■
Example
host1:sunnyvale(config)#
ipsec option nat-t
■
Use the
no
version to disable NAT-T for the current virtual router.
■
Use the
default
version to restore the default NAT-T setting on the virtual router,
enabled.
■
See ipsec option nat-t.
Configuring Single-Shot Tunnels
To configure a single-shot L2TP/IPSec tunnel:
1.
Create an L2TP destination profile, which defines the location of the LAC. The
l2tp destination profile
command accesses L2TP Destination Profile
Configuration mode.
host1(config)#
l2tp destination profile boston4 ip address 0.0.0.0
host1(config-l2tp-dest-profile)#
2.
Create an L2TP host profile, which defines the attributes that the router, acting
as the LNS, uses when communicating with the LAC. The
remote host
command
accesses L2TP Destination Profile Host Configuration mode.
host1(config-l2tp-dest-profile)#
remote host default
host1(config-l2tp-dest-profile-host)#
3.
Specify that, for L2TP tunnels associated with this host profile, the router accept
only tunnels protected by IPSec.
host1(config-l2tp-dest-profile-host)#
enable ipsec-transport
4.
Specify that the L2TP tunnels associated with this host profile are single-shot
tunnels.
L2TP/IPSec Tunnels
■
299
Chapter 12: Securing L2TP and IP Tunnels with IPSec
Содержание IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Страница 6: ...vi...
Страница 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Страница 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Страница 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Страница 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Страница 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Страница 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Страница 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Страница 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Страница 357: ...Part 2 Index Index on page 333 Index 331...
Страница 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...