VPN configuration
1. IKE Phase 1 configuration
1) phase 1 proposal
- set security ike proposal proposalName authentication-method
2) phase 1 mode
- set security ike policy policyName mode main
3) IKE gateway address & VPN outgoing interface
- set security ike gateway gatewayName ike-policy policyName address address dead-peer-detection
2. IKE Phase 2 configuration
1) phase 2 proposal
- set security ipsec
2) IKE gateway
3) Bind-interface
3. How to apply the IPsec VPN
1) Policy-based IPsec VPN configuration
2) Route-based IPsec VPN configuration
ex)
set interfaces st0 unit 0 family inet
set routing-options static route 10.10.10.0/24 next-hop st0
set security ike proposal ike-phase1-proposal authentication-method pre-shared-keys
set security ike proposal ike-phase1-proposal dh-group group2
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc
set security ike policy ike-phase1-policy mode main
set security ike policy ike-phase1-policy proposals ike-phase1-proposal
set security ike policy ike-phase1-policy pre-shared-key ascii-text 1234567890
set security ike gateway gw-backup ike-policy ike-phase1-policy
set security ike gateway gw-backup address 106.248.244.202
set security ike gateway gw-backup external-interface ge-0/0/0
set security ipsec proposal ipsec-phase2-proposal protocol esp
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal ipsec-phase2-proposal encryption-algorithm aes-128-cbc
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
set security ipsec policy ipsec-phase2-policy proposals ipsec-phase2-proposal
set security ipsec vpn ike-vpn-backup bind-interface st0
set security ipsec vpn ike-vpn-backup ike gateway gw-backup
set security ipsec vpn ike-vpn-backup ike ipsec-policy ipsec-phase2-policy
set security ipsec vpn ike-vpn-backup vpn-monitor optimized
set security zones security-zone untrust interfaces st0
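
The following is an added example, not part of the original notes: a small Python check that reads Junos "set security ike/ipsec" lines like the ones in the example configuration above and reports legacy DH groups, SHA-1/MD5 authentication, DES/3DES encryption and short or digits-only pre-shared keys. The function name audit, the WEAK_VALUES table and the MIN_PSK_LEN threshold are assumptions that stand in for a site's own review policy.

```python
import shlex

# Constructed sample: the crypto-relevant lines of the example configuration above.
SAMPLE = """\
set security ike proposal ike-phase1-proposal dh-group group2
set security ike proposal ike-phase1-proposal authentication-algorithm sha1
set security ike proposal ike-phase1-proposal encryption-algorithm aes-128-cbc
set security ike policy ike-phase1-policy pre-shared-key ascii-text 1234567890
set security ipsec proposal ipsec-phase2-proposal authentication-algorithm hmac-sha1-96
set security ipsec policy ipsec-phase2-policy perfect-forward-secrecy keys group2
"""

# Assumed review policy (not from the page): setting keyword -> values to flag.
WEAK_VALUES = {
    "dh-group": {"group1", "group2", "group5"},
    "keys": {"group1", "group2", "group5"},  # perfect-forward-secrecy keys
    "authentication-algorithm": {"md5", "sha1", "hmac-md5-96", "hmac-sha1-96"},
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
}
MIN_PSK_LEN = 20  # assumed minimum length for a pre-shared key


def audit(config):
    """Return (line_number, setting, value, reason) for every flagged line."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = shlex.split(line)  # handles quoted values such as "$9$..."
        if tok[:2] != ["set", "security"] or len(tok) < 5:
            continue
        if tok[2] not in ("ike", "ipsec"):
            continue
        setting, value = tok[-2], tok[-1]
        if value in WEAK_VALUES.get(setting, ()):
            findings.append((n, setting, value, "legacy algorithm or DH group"))
        elif setting == "ascii-text" and "pre-shared-key" in tok:
            if value.startswith("$9$"):
                continue  # stored form: the original secret cannot be judged
            if len(value) < MIN_PSK_LEN or value.isdigit():
                # Never echo the secret itself into a report.
                findings.append((n, "pre-shared-key", "<redacted>",
                                 "short or digits-only secret"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s %s -> %s" % finding)
```

On the sample it flags every line except the aes-128-cbc one, which this assumed policy accepts.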