Set security policies from-zone untrust to-zone trust policy Teldat_To_GM then permit tunnel ipsec-vpn Teldat_vpn Set security policies from-zone untrust to-zone trust policy Teldat_To_GM match application any Set security policies from-zone untrust to-zone trust policy Teldat_To_GM match destination-address Net_10_100 Set security policies from-zone untrust to-zone trust policy Teldat_To_GM match source-address Teldat_Test_Atm Set security ipsec vpn Teldat_vpn ike ipsec-policy Teldat_pol Set security ipsec vpn Teldat_vpn ike proxy-identity remote 10.253.240.248/29 Set security ipsec vpn Teldat_vpn ike proxy-identity local 10.100.0.0/16 Set security ipsec vpn Teldat_vpn ike gateway Teldat_gw
Set security ipsec policy Teldat_pol proposals Teldat_pro2 Set security ipsec policy Teldat_pol perfect-forward-secrecy keys group2 Set security ipsec proposal Teldat_pro2 lifetime-seconds 3600 Set security ipsec proposal Teldat_pro2 encryption-algorithm 3des-cbc Set security ipsec proposal Teldat_pro2 authentication-algorithm hmac-sha1-96 Set security ipsec proposal Teldat_pro2 protocol esp Set security ike gateway Teldat_gw external-interface reth2.0 Set security ike gateway Teldat_gw dynamic hostname router.router Set security ike gateway Teldat_gw ike-policy Teldat_ike Set security ike policy Teldat_ike pre-shared-key ascii-text "$9$q.QntpBhSe5QF/9AIR" Set security ike policy Teldat_ike proposals Teldat_pro1 Set security ike policy Teldat_ike mode aggressive Set security ike proposal Teldat_pro1 lifetime-seconds 3600 Set security ike proposal Teldat_pro1 encryption-algorithm 3des-cbc Set security ike proposal Teldat_pro1 authentication-algorithm sha1 Set security ike proposal Teldat_pro1 dh-group group2 Set security ike proposal Teldat_pro1 authentication-method pre-shared-keys branch IOS router's IP address is dynamic. at center: there is Juniper SRX FW at branch: cisco IOS router. We want to establish site-to-site dynmaic vpn with Juniper SRX and cisco router.
0 kommentar(er)
