This document contains configuration settings for establishing IPsec VPN tunnels between network locations. It defines IKE proposals using pre-shared keys for authentication, SHA-256 hashing, AES-256 encryption, and an 86400 second lifetime. IKE and IPsec policies are created referencing these proposals. An IKE gateway is configured to establish VPN tunnels using the defined policies to remote networks defined by their IP ranges, with traffic selectors defining which local and remote subnets will be tunneled. Zones are configured to trust the tunnel interfaces. Routes are added to direct traffic for the remote subnets over the VPN tunnels. Policers are defined to rate limit traffic from a specific DVR device.
set security ike proposal p1 authentication-method pre-shared-keys
set security ike proposal p1 dh-group group14
set security ike proposal p1 authentication-algorithm sha-256
set security ike proposal p1 encryption-algorithm aes-256-cbc
set security ike proposal p1 lifetime-seconds 86400
set security ike policy pol1 mode main
set security ike policy pol1 proposals p1
set security ike policy pol1 pre-shared-key ascii-text $9/U/ere$cx235tyhjuqfNjDUqfNjh585t   <-- KEY ASSIGNED BY LEVEL 2
set security ike gateway gw1 ike-policy pol1
set security ike gateway gw1 address 192.168.253.1
set security ike gateway gw1 external-interface ge-0/0/0.0
set security ipsec proposal ipsec-p1 protocol esp
set security ipsec proposal ipsec-p1 authentication-algorithm hmac-sha-256-128
set security ipsec proposal ipsec-p1 encryption-algorithm aes-256-cbc
set security ipsec proposal ipsec-p1 lifetime-seconds 3600
set security ipsec policy ipsec-pol proposals ipsec-p1
set security ipsec vpn vpn-reval bind-interface st0.0
set security ipsec vpn vpn-reval df-bit clear
set security ipsec vpn vpn-reval ike gateway gw1
set security ipsec vpn vpn-reval ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-reval traffic-selector t1 local-ip 192.168.148.0/24   <-- SITE LAN .0
set security ipsec vpn vpn-reval traffic-selector t1 remote-ip 192.168.2.0/24
set security ipsec vpn vpn-reval traffic-selector t2 local-ip 192.168.148.0/24   <-- SITE LAN .0
set security ipsec vpn vpn-reval traffic-selector t2 remote-ip 192.168.4.0/24
set security ipsec vpn vpn-reval traffic-selector t3 local-ip 192.168.148.0/24   <-- SITE LAN .0
set security ipsec vpn vpn-reval traffic-selector t3 remote-ip 192.168.7.0/24
set security ipsec vpn vpn-reval establish-tunnels immediately
set security zones security-zone trust interfaces st0.0
set security zones security-zone trust interfaces ge-0/0/0.0
Comment [MV1]: KEY ASSIGNED BY LEVEL 2
Comment [MV2]: SITE LAN
set interfaces st0 unit 0 family inet
set security flow tcp-mss all-tcp mss 1350
set security flow tcp-mss ipsec-vpn mss 1350
set routing-options static route 192.168.2.0/24 next-hop st0.0
set routing-options static route 192.168.4.0/24 next-hop st0.0
set routing-options static route 192.168.7.0/24 next-hop st0.0
xxxxxxxxxxxxxxxx RATE-LIMIT DVR xxxxxxxxxxxxxxxx
set firewall policer 1.5M if-exceeding bandwidth-limit 1536K
set firewall policer 1.5M if-exceeding burst-size-limit 625k
set firewall policer 1.5M then discard
set firewall family inet filter CALIDAD term DVR from source-address 192.169.X.150   <-- DVR IP, indicated by the customer
set firewall family inet filter CALIDAD term DVR from destination-address 0.0.0.0/0
set firewall family inet filter CALIDAD term DVR then policer 1.5M
set firewall family inet filter CALIDAD term DVR then accept
set firewall family inet filter CALIDAD term OTRAS then accept
set interfaces ge-0/0/0 unit 0 family inet filter input CALIDAD
set interfaces ge-0/0/0 unit 0 family inet filter output CALIDAD
Comment [MV3]: IP assigned by Level 2. An e-mail must be sent listing the change, the service identifier, the site name, WAN and LAN.
Comment [MV4]: DVR IP, indicated by the
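
An added example, not part of the original document: a small pre-deployment check over set commands like the ones above. It reports IKE proposal values outside a baseline, a pre-shared key literal left in the text, and any traffic-selector remote-ip that lacks the static route via the bound st0 unit that this template pairs it with. The function name audit, the BASELINE table and the sample input are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: a subset of this page's commands; the key is a placeholder
# and the 192.168.7.0/24 route is left out on purpose.
SAMPLE = """\
set security ike proposal p1 dh-group group14
set security ike proposal p1 authentication-algorithm sha-256
set security ike proposal p1 encryption-algorithm aes-256-cbc
set security ike policy pol1 pre-shared-key ascii-text PLACEHOLDER-KEY
set security ipsec vpn vpn-reval bind-interface st0.0
set security ipsec vpn vpn-reval traffic-selector t1 remote-ip 192.168.2.0/24
set security ipsec vpn vpn-reval traffic-selector t2 remote-ip 192.168.4.0/24
set security ipsec vpn vpn-reval traffic-selector t3 remote-ip 192.168.7.0/24
set routing-options static route 192.168.2.0/24 next-hop st0.0
set routing-options static route 192.168.4.0/24 next-hop st0.0
"""

# Assumed baseline: the IKE proposal values used on this page.
BASELINE = {"dh-group": {"group14"},
            "authentication-algorithm": {"sha-256"},
            "encryption-algorithm": {"aes-256-cbc"}}

def audit(config):
    """Return a list of findings for a block of Junos set commands."""
    findings, bind, remotes, routes = [], {}, [], []
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["set", "security", "ike", "proposal"] and len(t) >= 7:
            if t[5] in BASELINE and t[6] not in BASELINE[t[5]]:
                findings.append(f"ike proposal {t[4]}: {t[5]} {t[6]} is outside the baseline")
        elif t[:4] == ["set", "security", "ike", "policy"] and t[5:7] == ["pre-shared-key", "ascii-text"]:
            findings.append(f"ike policy {t[4]}: pre-shared key literal in config text")
        elif t[:4] == ["set", "security", "ipsec", "vpn"] and len(t) >= 7:
            if t[5] == "bind-interface":
                bind[t[4]] = t[6]
            elif t[5] == "traffic-selector" and len(t) >= 9 and t[7] == "remote-ip":
                remotes.append((t[4], t[6], ipaddress.ip_network(t[8])))
        elif t[:4] == ["set", "routing-options", "static", "route"] and len(t) >= 7 and t[5] == "next-hop":
            routes.append((ipaddress.ip_network(t[4]), t[6]))
    # This template pairs each remote-ip with a static route out of the VPN's st0 unit.
    for vpn, ts, net in remotes:
        if not any(net.subnet_of(r) and hop == bind.get(vpn) for r, hop in routes):
            findings.append(f"vpn {vpn} selector {ts}: no static route for {net} via {bind.get(vpn)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```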