Configuring IPSec Conditions

You can configure IPSec conditions for JUNOS policy rules. Use the following configuration statements to add IPSec conditions to a classify-traffic condition:

policies group name list name rule name traffic-condition name ipsec-condition {
    spi spi;
    ip-flags ip-flags;
    ip-flags-mask ip-flags-mask;
    fragment-offset fragment-offset;
    packet-length packet-length;
    protocol protocol;
    protocol-operation protocol-operation;
}

To add IPSec conditions to a classify-traffic condition:

  1. From configuration mode, enter the IPSec configuration. For example:
  2. (Optional) Specify the authentication header (AH) or the encapsulating security payload (ESP) security parameter index (SPI).
  3. (Optional) Configure the value of the IP flags field in the IP header.
  4. (Optional) Configure the mask that is associated with the IP flag.
  5. (Optional) Configure the value of the fragment offset field.
  6. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.
  7. Configure the protocol matched by this classify-traffic condition.
  8. (Optional) Verify the IPSec condition configuration.
    [edit policies group vpn list input rule pr traffic-condition ctc ipsec-condition]
    user@host# show 
    spi 2;
    ip-flags 0;
    ip-flags-mask 0;
    fragment-offset 0;
    packet-length packetLength;
    protocol ah;
    protocol-operation 1;
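
To pick values for the options above, it helps to see where each one sits in a packet. The following is an added example, not code from the original page or from Juniper: it reads the IPv4 total length, flags, fragment offset, protocol and the AH or ESP SPI from raw bytes. The function names `ipsec_fields` and `build_ipv4` and the sample packets are constructed for illustration.

```python
import struct

AH, ESP = 51, 50  # IANA protocol numbers for AH and ESP

def ipsec_fields(packet: bytes) -> dict:
    """Return the IPv4/IPsec header values that the ipsec-condition options name."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    fields = {
        "packet-length": total_len,              # IP header + payload, no layer 2
        "ip-flags": flags_frag >> 13,            # 3 bits: reserved, DF, MF
        "fragment-offset": flags_frag & 0x1FFF,  # 13 bits, in 8-byte units
        "protocol": {AH: "ah", ESP: "esp"}.get(proto, proto),
        "spi": None,
    }
    payload = packet[ihl:]
    # Only the first fragment (offset 0) carries the AH/ESP header, so later
    # fragments expose no SPI to match on.
    if fields["fragment-offset"] == 0:
        if proto == ESP and len(payload) >= 4:
            fields["spi"] = struct.unpack("!I", payload[:4])[0]    # ESP: bytes 0-3
        elif proto == AH and len(payload) >= 8:
            fields["spi"] = struct.unpack("!I", payload[4:8])[0]   # AH: bytes 4-7
    return fields

def build_ipv4(proto: int, payload: bytes, flags: int = 0, frag_off: int = 0) -> bytes:
    """Constructed test packet (checksum left at 0; addresses from 192.0.2.0/24)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         (flags << 13) | frag_off, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

# Constructed samples: an AH packet with SPI 2, an ESP packet with DF set,
# and a non-first ESP fragment.
AH_PKT = build_ipv4(AH, struct.pack("!BBHII", 4, 4, 0, 2, 1) + bytes(12))
ESP_PKT = build_ipv4(ESP, struct.pack("!II", 0x1000, 1) + bytes(16), flags=2)
ESP_FRAG = build_ipv4(ESP, bytes(16), frag_off=3)

if __name__ == "__main__":
    for name, pkt in (("AH", AH_PKT), ("ESP", ESP_PKT), ("ESP fragment", ESP_FRAG)):
        print(name, ipsec_fields(pkt))
```

The AH sample yields the same SPI, flags, fragment offset and protocol as the configuration shown above; the fragment sample shows why a condition that depends on the SPI cannot classify non-first fragments.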
    
    
