host1(config-if)#
tunnel mtu 2240
•
Use the
no
version to restore the default MTU (1440).
•
See tunnel mtu.
tunnel peer-identity
Use to configure the peer identity (selector) that ISAKMP uses. Specify the identity
using one of the following keywords:
•
•
address
—Specifies an IP address as the peer identity
•
subnet
—Specifies a subnet as the peer identity
•
range
—Specifies a range of IP addresses as the peer identity
•
Example 1
host1(config-if)#
tunnel peer-identity range 10.10.1.1 10.10.2.2
•
Example 2
host1(config-if)#
tunnel peer-identity subnet 130.10.1.1 255.255.255.0
•
Use the
no
version to remove the peer identity.
•
See tunnel peer-identity.
tunnel pfs group
•
Use to configure perfect forward secrecy (PFS) on this tunnel.
•
Assign a Diffie-Hellman prime modulus group using one of the following keywords:
•
1
—768-bit group
•
2
—1024-bit group
•
5
—1536-bit group
•
Example
host1(config-if)#
tunnel pfs group 5
•
Use the
no
version to remove PFS from this tunnel.
•
See tunnel pfs group.
tunnel session-key-inbound
•
Use to manually configure the authentication or encryption algorithm sets and session
keys for inbound SAs on a tunnel. You can enter this command only on tunnels that
have tunnel signaling set to manual.
•
Use the online Help to see a list of available algorithm sets.
•
Each key is an arbitrary hexadecimal string. If the algorithm set includes:
•
DES, create an 8-byte key using 16 hexadecimal characters
•
3DES, create a 24-byte key using 48 hexadecimal characters
145
Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Configuring IPSec
Содержание JUNOSE 11.2.X IP SERVICES
Страница 6: ...Copyright 2010 Juniper Networks Inc vi...
Страница 8: ...Copyright 2010 Juniper Networks Inc viii JunosE 11 2 x IP Services Configuration Guide...
Страница 18: ...Copyright 2010 Juniper Networks Inc xviii JunosE 11 2 x IP Services Configuration Guide...
Страница 22: ...Copyright 2010 Juniper Networks Inc xxii JunosE 11 2 x IP Services Configuration Guide...
Страница 28: ...Copyright 2010 Juniper Networks Inc 2 JunosE 11 2 x IP Services Configuration Guide...
Страница 116: ...Copyright 2010 Juniper Networks Inc 90 JunosE 11 2 x IP Services Configuration Guide...
Страница 144: ...Copyright 2010 Juniper Networks Inc 118 JunosE 11 2 x IP Services Configuration Guide...
Страница 230: ...Copyright 2010 Juniper Networks Inc 204 JunosE 11 2 x IP Services Configuration Guide...
Страница 262: ...Copyright 2010 Juniper Networks Inc 236 JunosE 11 2 x IP Services Configuration Guide...
Страница 294: ...Copyright 2010 Juniper Networks Inc 268 JunosE 11 2 x IP Services Configuration Guide...
Страница 328: ...Copyright 2010 Juniper Networks Inc 302 JunosE 11 2 x IP Services Configuration Guide...
Страница 345: ...PART 2 Index Index on page 321 319 Copyright 2010 Juniper Networks Inc...
Страница 346: ...Copyright 2010 Juniper Networks Inc 320 JunosE 11 2 x IP Services Configuration Guide...
Страница 356: ...Copyright 2010 Juniper Networks Inc 330 JunosE 11 2 x IP Services Configuration Guide...