ipsec config for juniper M/MX series

Download Template
ipsec config for juniper M/MX series

takthar
April 22, 2013
the ip address of egress interface

Name of ipsec-rule and service-set

shared key in asic text

outgoing interface ip

service interface which is used as inside

service interface which is used as outside

outgoing interface ip

sp interface ip

service interface which is used as outside with subunit

service interface which is used as inside with subunit

sp interface inside unit

description of sp interface

sp interface outside unit

set services ipsec-vpn rule %{ipsec_rule_name}% term 1 then remote-gateway %{remote_gateway_ip}%
set services ipsec-vpn rule %{ipsec_rule_name}% term 1 then dynamic ike-policy CORE_policy
set services ipsec-vpn rule %{ipsec_rule_name}% term 1 then dynamic ipsec-policy ipsec_standard
set services ipsec-vpn rule %{ipsec_rule_name}% term 1 then tunnel-mtu 9192
set services ipsec-vpn rule %{ipsec_rule_name}% match-direction input

set services ipsec-vpn ipsec proposal ipsec_standard protocol esp
set services ipsec-vpn ipsec proposal ipsec_standard authentication-algorithm hmac-sha1-96
set services ipsec-vpn ipsec proposal ipsec_standard encryption-algorithm 3des-cbc
set services ipsec-vpn ipsec proposal ipsec_standard lifetime-seconds 600

set services ipsec-vpn ipsec policy ipsec_standard proposals ipsec_standard

set services ipsec-vpn ike proposal ike_standard authentication-method pre-shared-keys
set services ipsec-vpn ike proposal ike_standard dh-group group1
set services ipsec-vpn ike proposal ike_standard authentication-algorithm sha1
set services ipsec-vpn ike proposal ike_standard encryption-algorithm 3des-cbc
set services ipsec-vpn ike proposal ike_standard lifetime-seconds 3600

set services ipsec-vpn ike policy CORE_policy proposals ike_standard
set services ipsec-vpn ike policy CORE_policy pre-shared-key ascii-text %{pre_shared_key}%

set services ipsec-vpn establish-tunnels immediately

set services service-set %{ipsec_rule_name}% ipsec-vpn-options local-gateway %{local_gateway_ip}%

set services service-set %{ipsec_rule_name}% ipsec-vpn-rules %{ipsec_rule_name}%

set services service-set %{ipsec_rule_name}% next-hop-service inside-service-interface %{sp_inside_interface_with_unit}%
set services service-set %{ipsec_rule_name}% next-hop-service outside-service-interface %{sp_outside_interface_with_unit}%

set routing-options static route %{remote gateway ip}%/32 next-hop %{static_route_nexthop}%


set interfaces %{sp_inside_interface_config}% unit %{sp_inside_unit}%  description %{sp_interface_description}% 
set interfaces %{sp_inside_interface_config}% unit %{sp_inside_unit}% family inet address %{sp_inside_interface_ip}% 
set interfaces %{sp_inside_interface_config}% unit %{sp_inside_unit}%  service-domain inside
set interfaces %{sp_outside_interface_config}% unit %{sp_outside_unit}% family inet
set interfaces %{sp_outside_interface_config}% unit %{sp_outside_unit}% service-domain outside

Comments

Thanks for the template! Please correct %{remote gateway ip}% in a row: set routing-options static route......

velizarx
July 22, 2014

You must be logged in to comment.