ISG 2000 User’s Guide
20 Summary of CLI Commands
CLI Commands – Example Route-Based VPN Configuration
ISG 2000 Commands Description
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface ethernet2/1
set address trust local 10.1.1.0/24
set address untrust peer1 10.2.2.0/24
set ike gateway peer1 dynamic peer1@jnpr.net aggressive outgoing-interface ethernet2/1 preshare Iwb715iSF proposal pre-g2-3des-sha
set vpn vpn1 gateway peer1 tunnel sec-level compatible
set vpn vpn1 bind interface tunnel.1
set vpn vpn1 proxy-id local-ip 0.0.0.0/0 remote-ip 0.0.0.0/0 any
set vrouter trust-vr route 10.2.2.0/24 interface tunnel.1
set vrouter trust-vr route 10.2.2.0/24 interface null metric 10
set policy id 8 top from untrust to trust peer1 local any permit
set policy id 9 top from trust to untrust local peer1 any permit
save
“ISG 2000” on page 17
Remote Peer Commands Description
set interface tunnel.1 zone untrust
set interface tunnel.1 ip unnumbered interface untrust
set address trust local 10.2.2.0/24
set address untrust peer1 10.1.1.0/24
set ike gateway gw1 address 1.1.1.1 aggressive local-id peer1@jnpr.net outgoing-interface untrust preshare Iwb715iSF proposal pre-g2-3des-sha
set vpn vpn1 gateway gw1 tunnel sec-level compatible
set vpn vpn1 bind interface tunnel.1
set vpn vpn1 proxy-id local-ip 0.0.0.0/0 remote-ip 0.0.0.0/0 any
set vrouter trust-vr route 0.0.0.0/0 interface untrust
set vrouter trust-vr route 10.1.1.0/24 interface tunnel.1
set vrouter trust-vr route 10.1.1.0/24 interface null metric 10
set policy id 1 top from untrust to trust peer1 local any permit
set policy id 2 top from trust to untrust local peer1 any permit
save
“Remote Peer” on page 18