 |
Note: The valid firewall filters statements for IPSec are destination-port, source-port, protocol, destination-address, and source-address. |
Traffic configuration defines the traffic that must flow through the tunnel. You configure outbound and inbound firewall filters, which identify and direct traffic to be encrypted and confirm that decrypted traffic parameters match those defined for the given tunnel. The outbound filter is applied to the LAN or WAN interface for the incoming traffic you want to encrypt. The inbound filter is applied to the ES PIC to check the policy for traffic coming in from the remote host. Because of the complexity of configuring a router to forward packets, no automatic checking is done to ensure that the configuration is correct.
|
Note: The valid firewall filters statements for IPSec are destination-port, source-port, protocol, destination-address, and source-address. |
In Figure 5, Gateway A protects the network 10.1.1.0/24, and Gateway B protects the network 10.2.2.0/24. The gateways are connected by an IPSec tunnel. For more information about firewalls, see the JUNOS Policy Framework Configuration Guide.
Figure 5: Example: IPSec Tunnel Connecting Security Gateways
The SA and ES interface for security Gateway A are configured as follows:
- [edit security ipsec]
- security-association manual-sa1 {
-
- manual {
-
- direction bidirectional {
- protocol esp;
- spi 2312;
-
- authentication {
- algorithm hmac-md5-96;
- key ascii-text 1234123412341234;
- }
-
- encryption {
- algorithm 3des-cbc;
- key ascii-text 123456789009876543211234;
- }
- }
- }
- }
- [edit interfaces es-0/1/0]
- unit 0 {
-
- tunnel {
- source 10.5.5.5;
- destination 10.6.6.6;
- }
-
- family inet {
- ipsec-sa manual-sa1;
-
- address 10.1.1.8/32 {
- destination 10.2.2.254;
- }
- }
- }
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |