Juniper – Configuring Global SPI and VPN Monitoring Features

Junos OS Security Configuration Guide.

Configuring Global SPI and VPN Monitoring Features

Requirements

Before you begin, understand global SPI and VPN monitoring features. See Understanding Global SPI and VPN Monitoring Features.

Overview

In this example, you configure the device to detect and respond five times to a bad IPsec SPI before deleting the SA and initiating a new one. You also configure the device to monitor the VPN by sending ICMP requests to the peer every 15 seconds, and to declare the peer unreachable after 15 unsuccessful pings.

Configuration

Step-by-Step Procedure

To configure global VPN settings in the CLI editor:

  1. Specify global VPN settings.
    [edit]user@host# set security ike respond-bad-spi 5user@host# set security ipsec vpn-monitor-options interval 15 threshold 15

Step-by-Step Procedure

Related Documentation

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s