juniper, network, router

Juniper Üzerinde IPSEC tünel ve VPN konfigürasyonu

Aşağıdaki gibi yapılabilir.

# IKE policy POLICY1: binds the IKE proposal "ike_standard" to a pre-shared key.
# The proposal "ike_standard" is referenced here but not defined anywhere in this
# listing; it must already exist on the router, otherwise the commit will fail.
# NOTE(review): the rule further down selects "dynamic ike-policy XXX_policy",
# not POLICY1 - presumably a side effect of masking names; the policy name used
# in the rule must match the policy defined here.
set services ipsec-vpn ike policy  POLICY1  proposals ike_standard
# "xxxxxxxxx" is a placeholder for the shared secret. Use a long, random value
# that is unique per peer. Junos stores the key in obfuscated form in the
# configuration, so treat configuration backups and "show configuration" output
# as sensitive material.
set services ipsec-vpn ike policy  POLICY1 pre-shared-key ascii-text xxxxxxxxx
 
# Services interface sp-1/2/0 gets two logical units that form the two sides of
# the tunnel: unit 814 is the "inside" (clear-text) side, unit 815 the "outside"
# side.
set interfaces sp-1/2/0 unit 814 description " XXX Inside to YYY-RTR-1"
set interfaces sp-1/2/0 unit  814 family inet address 192.168.X.X/30
# MTU on the inside unit is lowered to 1400 - presumably to leave room for the
# IPsec encapsulation overhead; confirm against the path MTU between the peers.
set interfaces sp-1/2/0 unit 814 family inet mtu 1400
set interfaces sp-1/2/0 unit 814 service-domain inside
set interfaces sp-1/2/0 unit 815 description "XXX Outside from XXX-RTR-1"
# The outside unit carries family inet without an address of its own.
set interfaces sp-1/2/0 unit 815 family inet
set interfaces sp-1/2/0 unit 815 service-domain outside
# Next-hop style service set: traffic routed to sp-1/2/0.814 is handed to the
# IPsec service, and the processed traffic leaves through sp-1/2/0.815.
set services service-set to-XXX-RTR-1 next-hop-service inside-service-interface sp-1/2/0.814
set services service-set to-XXX-RTR-1 next-hop-service outside-service-interface sp-1/2/0.815
# Local tunnel endpoint. The address is masked (69.2.X.X); it appears to be the
# same address that is configured on lo0.1158 below - confirm.
set services service-set to-XXX-RTR-1 ipsec-vpn-options local-gateway 69.2.X.X
# Attaches the IPsec rule "to-XXX-RTR-1" to this service set.
set services service-set to-XXX-RTR-1 ipsec-vpn-rules to-XXX-RTR-1

 

# IPsec rule referenced by the service set: one term that builds a dynamic
# (IKE-negotiated) security association to the remote peer 59.18.X.X.
# NOTE(review): term 1 has no "from" conditions in this listing, so the rule is
# not narrowed to specific source/destination prefixes here - confirm that this
# is intended rather than an omission.
set services ipsec-vpn rule to-XXX-RTR-1 term 1 then remote-gateway 59.18.X.X
# NOTE(review): "XXX_policy" does not match the IKE policy name "POLICY1" that
# is defined at the top of the listing; the two names must be identical on the
# router.
set services ipsec-vpn rule to-XXX-RTR-1 term 1 then dynamic ike-policy XXX_policy
# The IPsec policy "ipsec_standard" is referenced but not defined in this
# listing. Verify that it (and the IKE proposal) use currently recommended
# encryption, integrity and DH-group settings.
set services ipsec-vpn rule to-XXX-RTR-1 term 1 then dynamic ipsec-policy ipsec_standard
# The rule is evaluated in the input direction.
set services ipsec-vpn rule to-XXX-RTR-1 match-direction input


# Dedicated loopback unit for this customer. It is placed into the VRF
# XXX-V1 further down; the masked /32 address (69.2.X.X) also appears as the
# local-gateway, route-distinguisher prefix and router-id in this listing.
set interfaces lo0 unit 1158 description "XXX Loopback"
set interfaces lo0 unit 1158 family inet address 69.2.X.X/32


# Community "XXX" carries the route target of this VPN (target:1158:1).
set policy-options community XXX members target:1158:1
# VRF import policy XXX_IN: accepts routes tagged with community MGMT or with
# the customer's own community XXX.
# NOTE(review): community "MGMT" is referenced but not defined in this listing;
# it must already exist on the router.
# NOTE(review): there is no explicit final "then reject" term; routes matching
# neither term fall through to the default action - confirm that this is the
# behaviour you want, or add an explicit reject to make the intent visible.
set policy-options policy-statement XXX_IN term MGMT from community MGMT
set policy-options policy-statement XXX_IN term MGMT then accept
set policy-options policy-statement XXX_IN term MINE from community XXX
set policy-options policy-statement XXX_IN term MINE then accept

 

# VRF export policy XXX_OUT.
# Term MGMT: routes matching prefix-list XXX_MGMT have their communities
# replaced with MGMT_IN, then XXX is added, and the route is accepted.
# NOTE(review): community "MGMT_IN" is referenced but not defined in this
# listing; it must already exist on the router.
set policy-options policy-statement XXX_OUT term MGMT from prefix-list XXX_MGMT
set policy-options policy-statement XXX_OUT term MGMT then community set MGMT_IN
set policy-options policy-statement XXX_OUT term MGMT then community add XXX
set policy-options policy-statement XXX_OUT term MGMT then accept
# Term ACCEPT has no "from" clause, so every remaining route in the instance is
# tagged with community XXX and exported. If only specific customer prefixes
# should leave the VRF, restrict this term with a prefix-list.
set policy-options policy-statement XXX_OUT term ACCEPT then community set XXX
set policy-options policy-statement XXX_OUT term ACCEPT then accept
 

# Prefix list used by term MGMT of XXX_OUT. It holds a single /32; the same
# masked value (74.8.X.X/32) is annotated as the customer loopback in the static
# routes of the routing instance.
set policy-options prefix-list XXX_MGMT 74.8.X.X/32

 

# VRF routing instance for the customer. It contains the customer loopback
# (lo0.1158) and the inside tunnel unit (sp-1/2/0.814); the outside unit
# sp-1/2/0.815 is not a member of this instance.
set routing-instances XXX-V1 instance-type vrf
set routing-instances XXX-V1 interface lo0.1158
set routing-instances XXX-V1 interface sp-1/2/0.814
set routing-instances XXX-V1 route-distinguisher 69.2.X.X:1158
# Both explicit vrf-import/vrf-export policies and a vrf-target are configured.
# NOTE(review): confirm which of the two is meant to control route import and
# export, so the policies above are not bypassed or duplicated unintentionally.
set routing-instances XXX-V1 vrf-import XXX_IN
set routing-instances XXX-V1 vrf-export XXX_OUT
set routing-instances XXX-V1 vrf-target target:1158:1
set routing-instances XXX-V1 routing-options router-id 69.2.X.X
# Static routes that send customer traffic into the tunnel via the inside unit.
# NOTE(review): the trailing "///..." text on the next two lines is the author's
# annotation (customer loopback / customer LAN) and does not look like valid
# Junos syntax - strip it before pasting these lines into the CLI.
set routing-instances XXX-V1 routing-options static route 74.8.X.X/32 next-hop sp-1/2/0.814         ///Customer loopback 
set routing-instances XXX-V1 routing-options static route 10.103.1.0/24 next-hop sp-1/2/0.814       ///customer LAn


 
