![]() Set security ike proposal our-ike-proposal authentication-algorithm sha-256 Set security ike proposal our-ike-proposal dh-group group5 ![]() set security ike proposal our-ike-proposal authentication-method pre-shared-keys IKE_Proposal: We will configure IKE proposal, according our ipsec parameter table. Now, move to the main part of ipsec configuration. set security zones security-zone untrust host-inbound-traffic system-services ike If you do so, make sure Ike is allowed which is must needed to form IPSec peer. You might need to allow specific services in production networks. ![]() Set security zones security-zone untrust interfaces ge-0/0/0.0 Set security zones security-zone untrust host-inbound-traffic protocols all ![]() Set security zones security-zone untrust host-inbound-traffic system-services all We also need to check IKE is allowed in our untrust (outside) zone or not. Round-trip min/avg/max/stddev = 10.190/10.697/11.684/0.594 result shows a full reachability to ipsec peer IP.
0 Comments
Leave a Reply. |