Juniper Basic Setting: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) (→Infos) |
||
| (20 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | =Sysinfo= | ||
| + | *get sys | ||
=Interface setting= | =Interface setting= | ||
*set interface untrust ip 10.84.252.41/24 | *set interface untrust ip 10.84.252.41/24 | ||
*set interface untrust gateway 10.84.252.1 | *set interface untrust gateway 10.84.252.1 | ||
*set interface trust ip 10.83.41.1/24 | *set interface trust ip 10.83.41.1/24 | ||
| − | + | *set route 10.81.0.0/16 interface trust gateway 10.83.41.254 | |
| + | *set dns host dns1 10.84.252.1 | ||
=Admin setting= | =Admin setting= | ||
*set admin name root | *set admin name root | ||
*set admin name root | *set admin name root | ||
*save | *save | ||
| + | =Vpn= | ||
| + | ==Define own proposals== | ||
| + | *set ike p1-proposal p1-aes256-sha1-modp1536 preshare group5 esp aes256 sha-1 hours 3 | ||
| + | *set ike p2-proposal p2-aes256-sha1-modp1536 group5 esp aes256 sha-1 hours 1 | ||
| + | |||
| + | ==Set networks== | ||
| + | *set address trust juniper-net 10.83.41.0/24 | ||
| + | *set address untrust gustavo-net 10.83.33.0/24 | ||
| + | |||
| + | ==Set phase 1== | ||
| + | *set ike gateway gustavo address 10.84.252.33 main outgoing-interface untrust preshare suxer proposal p1-aes256-sha1-modp1536 | ||
| + | *set vpn juniper2gustavo gateway gustavo tunnel proposal p2-aes256-sha1-modp1536 | ||
| + | ==Set policies== | ||
| + | *set policy top name to-from-gustavo from trust to untrust juniper-net gustavo-net any tunnel vpn juniper2gustavo | ||
| + | policy id = 2 | ||
| + | *set policy top name to-from-gustavo from untrust to trust gustavo-net juniper-net any tunnel vpn juniper2gustavo | ||
| + | policy id = 3 | ||
| + | |||
| + | ==Infos== | ||
| + | *get ike gateway | ||
| + | <pre> | ||
| + | Id Name Gateway Address Gateway ID Mode Proposals | ||
| + | ---- --------------- --------------- --------------- ---- --------- | ||
| + | 0 gustavo 10.84.252.33 Main p1-aes256-sha1-modp1536 | ||
| + | Total Gateways: 1 (1 including dynamic peers) | ||
| + | user with ASN1_DN type ID sort list: | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | *get vpn | ||
| + | <pre> | ||
| + | Name Gateway Mode RPlay 1st Proposal Monitor Use Cnt Interface | ||
| + | --------------- --------------- ---- ----- -------------------- ------- ------- ---------- | ||
| + | juniper2gustavo gustavo tunl No p2-aes256-sha1-modp1 off 2 untrust | ||
| + | Total Auto VPN: 1 | ||
| + | </pre> | ||
| + | |||
| + | *get ike cookie | ||
| + | <pre> | ||
| + | Active: 1, Dead: 0, Total 1 | ||
| + | |||
| + | 81182f/0003, 10.84.252.33:500->10.84.252.41:500, PRESHR/grp5/AES256/SHA, xchg(2) (gustavo/grp-1/usr-1) | ||
| + | resent-tmr 23077836 lifetime 10800 lt-recv 10800 nxt_rekey 10484 cert-expire 0 | ||
| + | responder, err cnt 0, send dir 1, cond 0x10 | ||
| + | nat-traversal map not available | ||
| + | ike heartbeat : disabled | ||
| + | ike heartbeat last rcv time: 0 | ||
| + | ike heartbeat last snd time: 0 | ||
| + | XAUTH status: 0 | ||
| + | DPD seq local 0, peer 0 | ||
| + | </pre> | ||
| + | =Links= | ||
| + | *https://www.fir3net.com/Firewalls/Juniper/troubleshooting-a-netscreen-site-2-site-vpn.html | ||
Aktuelle Version vom 27. November 2017, 11:40 Uhr
Sysinfo
- get sys
Interface setting
- set interface untrust ip 10.84.252.41/24
- set interface untrust gateway 10.84.252.1
- set interface trust ip 10.83.41.1/24
- set route 10.81.0.0/16 interface trust gateway 10.83.41.254
- set dns host dns1 10.84.252.1
Admin setting
- set admin name root
- set admin name root
- save
Vpn
Define own proposals
- set ike p1-proposal p1-aes256-sha1-modp1536 preshare group5 esp aes256 sha-1 hours 3
- set ike p2-proposal p2-aes256-sha1-modp1536 group5 esp aes256 sha-1 hours 1
Set networks
- set address trust juniper-net 10.83.41.0/24
- set address untrust gustavo-net 10.83.33.0/24
Set phase 1
- set ike gateway gustavo address 10.84.252.33 main outgoing-interface untrust preshare suxer proposal p1-aes256-sha1-modp1536
- set vpn juniper2gustavo gateway gustavo tunnel proposal p2-aes256-sha1-modp1536
Set policies
- set policy top name to-from-gustavo from trust to untrust juniper-net gustavo-net any tunnel vpn juniper2gustavo
policy id = 2
- set policy top name to-from-gustavo from untrust to trust gustavo-net juniper-net any tunnel vpn juniper2gustavo
policy id = 3
Infos
- get ike gateway
Id Name Gateway Address Gateway ID Mode Proposals ---- --------------- --------------- --------------- ---- --------- 0 gustavo 10.84.252.33 Main p1-aes256-sha1-modp1536 Total Gateways: 1 (1 including dynamic peers) user with ASN1_DN type ID sort list:
- get vpn
Name Gateway Mode RPlay 1st Proposal Monitor Use Cnt Interface --------------- --------------- ---- ----- -------------------- ------- ------- ---------- juniper2gustavo gustavo tunl No p2-aes256-sha1-modp1 off 2 untrust Total Auto VPN: 1
- get ike cookie
Active: 1, Dead: 0, Total 1 81182f/0003, 10.84.252.33:500->10.84.252.41:500, PRESHR/grp5/AES256/SHA, xchg(2) (gustavo/grp-1/usr-1) resent-tmr 23077836 lifetime 10800 lt-recv 10800 nxt_rekey 10484 cert-expire 0 responder, err cnt 0, send dir 1, cond 0x10 nat-traversal map not available ike heartbeat : disabled ike heartbeat last rcv time: 0 ike heartbeat last snd time: 0 XAUTH status: 0 DPD seq local 0, peer 0