Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- interfaces {
- st0 {
- unit 3 {
- description "IPv4 tunnel to c2821";
- family inet {
- mtu 1420;
- address 172.25.144.243/31;
- }
- }
- }
- }
- security {
- ike {
- proposal ike-proposal-j2c-1 {
- authentication-method pre-shared-keys;
- dh-group group5;
- authentication-algorithm sha-256;
- encryption-algorithm aes-256-cbc;
- lifetime-seconds 28800;
- }
- policy ike-policy-j2c-1 {
- mode main;
- proposals ike-proposal-j2c-1;
- pre-shared-key ascii-text "SECRET-DATA"; ## SECRET-DATA
- }
- gateway ike-gateway-j2c-1 {
- ike-policy ike-policy-j2c-1;
- address 81.134.x.y;
- no-nat-traversal;
- local-identity hostname srx110c2821;
- external-interface at-1/0/0.0;
- }
- }
- ipsec {
- proposal ipsec-proposal-j2c-1 {
- protocol esp;
- authentication-algorithm hmac-sha-256-128;
- encryption-algorithm aes-256-cbc;
- lifetime-seconds 3600;
- lifetime-kilobytes 4608000;
- }
- policy ipsec-policy-j2c-1 {
- proposals ipsec-proposal-j2c-1;
- }
- vpn ipsec-vpn-j2c-1 {
- bind-interface st0.3;
- ike {
- gateway ike-gateway-j2c-1;
- ipsec-policy ipsec-policy-j2c-1;
- }
- establish-tunnels immediately;
- }
- }
- }
- crypto keyring j2c-keyring
- pre-shared-key address 0.0.0.0 0.0.0.0 key SECRET-DATA
- !
- crypto isakmp policy 1
- encr aes 256
- hash sha256
- authentication pre-share
- group 5
- crypto isakmp profile j2c-1
- keyring j2c-keyring
- match identity user-fqdn srx110c2821
- initiate mode aggressive
- !
- !
- crypto ipsec transform-set ESP_AES256 esp-aes 256 esp-sha256-hmac
- !
- crypto ipsec profile j2c-1
- set transform-set ESP_AES256
- set isakmp-profile j2c-1
- !
- !
- !
- !
- !
- !
- !
- interface Tunnel0
- description IPv4 tunnel to srx110
- ip address 172.25.144.242 255.255.255.254
- ip mtu 1420
- tunnel source Dialer0
- tunnel mode ipsec ipv4
- tunnel protection ipsec profile j2c-1
- !
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
