Junos - VPN Hierarchy

Wow! A Junos post! Amazing.

We all know that the configuration on a Junos box is very hierarchical. Sometimes it doesn’t make a lot of sense, but it’s all a pretty cascade of code. One of the big messes that I’ve found is the VPN configuration hierarchy; there are way more items to configure than on an IOS device.  To reinforce the stpes in my head, I thought I’d get some of the pieces into a post. These aren’t all the options, but it’s all you need to get a static IPSec tunnel up and running.

security

ike

proposal ««  Think ISAKMP policy on Cisco

authentication-method «« PSK

dh-group

authentication-algorithm

encryption-algorithm

lifetime-seconds

policy

mode «« Main versus quick

proposal

pre-shared key «« The key and the proposal are bound together

gateway «« The remote peer

ike-policy

address

external-interface «« Think the if where you put the crypto map

ipsec

proposal «« Transform set…kinda

protocol (ESP)

authentication-algorithm

encryption-algorithm

lifetime-seconds

policy

proposal

vpn

bind-interface «« Complicated story

ike

gateway

proxy-identity «« Also complicated

local

remote

ipsec-policy

establish-tunnels immediately «« Awesome!

That’ll do, pig.  I’ll fire off a real configuration post later.  Feel free to add your pair of pennies since I’m a total Junos n00b.

Send any stocking stuffers questions my way.