Defining the Server IP Address

The local ip address command defines the specified local IP address as the server address. The router monitors UDP port 500 for incoming login requests (that is, IKE SA negotiations) from users.

Note: This address is typically made public to all users trying to connect to a VPN on this router.

This command enables you to optionally set a global preshared key for the specified server address. When using global preshared keys, keep the following in mind:

• Global preshared keys enable a group of users to share a single authentication key, simplifying the administrative job of setting up keys for multiple users.
• Specific keys for individual users have higher priority than global keys. If both individual and global keys are configured, the individual that also has a specific key must use that key or authentication fails.
• More than one profile can specify the same local endpoint and virtual router. Because the last value set overrides the other, we recommend that you avoid this type of configuration.

local ip address

• Use to specify the given local IP address as a server address.
• Example

  host1(config-ipsec-tunnel-profile)#local ip address 192.2.52.12

• Use the no version to stop the router from monitoring UDP port 500 for user requests and remove any preshared key associations with the local IP address.
• See local ip address.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.