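# Step 1. Configure the user profile and the IP address pool
# Address pool handed out to remote-access clients after authentication.
set access address-assignment pool RA-NCP-pool family inet network 192.168.100.0/24
# Clients are given 8.8.8.8 (a public resolver) as DNS: internal names will not
# resolve and client lookups leave the organisation. Point this at an internal
# resolver if clients need internal name resolution.
set access address-assignment pool RA-NCP-pool family inet xauth-attributes primary-dns 8.8.8.8
# Local XAuth user. "lab123" is a lab sample value; use a strong, unique password
# per user (or an external authentication server) outside a lab.
set access profile RA-NCP-Profile client NCP-user1 firewall-user password lab123
set access profile RA-NCP-Profile address-assignment pool RA-NCP-pool
# Create the st0 tunnel interface (the top-level statement is "interfaces").
set interfaces st0 unit 1 family inet
# Security zone: IKE has to be accepted on the zone that holds the IKE external
# interface; st0.1 itself does not need it. The statements are "zones" and
# "host-inbound-traffic".
# NOTE(review): this assumes ge-0/0/2 (the gateway's external interface) is also in
# Untrust; its zone binding is not shown here. Confirm.
# NOTE(review): with st0.1 in Untrust, decrypted client traffic shares a zone with
# Internet traffic. A dedicated zone for st0.1 keeps the security policies for VPN
# users separate; the policies themselves are not shown here.
set security zones security-zone Untrust host-inbound-traffic system-services ike
set security zones security-zone Untrust interfaces st0.1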
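# Step 2. Configure IKE (IPsec Phase 1)
# --------------------------------
# IKE proposal: pre-shared key authentication, ECP-256 group, SHA-256, AES-256-CBC.
set security ike proposal RA-NCP-IKE-Pro authentication-method pre-shared-keys
set security ike proposal RA-NCP-IKE-Pro dh-group group19
set security ike proposal RA-NCP-IKE-Pro authentication-algorithm sha-256
set security ike proposal RA-NCP-IKE-Pro encryption-algorithm aes-256-cbc
# Aggressive mode is used because the clients connect from dynamic addresses and
# are identified by IKE ID. In aggressive mode with a pre-shared key, the
# responder's authentication hash is sent before the peer is authenticated, so
# anyone who can reach the gateway can collect material for offline guessing of
# the key. The key must therefore be long and random. Where the client supports
# it, certificate-based authentication or IKEv2 avoids this exposure.
set security ike policy RA-NCP-IKE-Pol mode aggressive
set security ike policy RA-NCP-IKE-Pol proposals RA-NCP-IKE-Pro
# "juniper123" is a lab sample value; replace it before any real deployment. The
# key is stored in the configuration in $9$ form, which is reversible, so treat
# configuration backups as secrets.
set security ike policy RA-NCP-IKE-Pol pre-shared-key ascii-text juniper123
# The gateway must reference the IKE *policy* (RA-NCP-IKE-Pol), not the proposal.
set security ike gateway RA-NCP-GW ike-policy RA-NCP-IKE-Pol
# shared-ike-id: every client presents the same IKE ID and the same pre-shared
# key, so the key is a group secret. Per-user authentication comes only from
# XAuth against the access profile below.
set security ike gateway RA-NCP-GW dynamic user-at-hostname "user@LB.net"
set security ike gateway RA-NCP-GW dynamic ike-user-type shared-ike-id
set security ike gateway RA-NCP-GW external-interface ge-0/0/2
set security ike gateway RA-NCP-GW aaa access-profile RA-NCP-Profile
# IKEv1 only (aggressive mode and XAuth are IKEv1 mechanisms).
set security ike gateway RA-NCP-GW version v1-only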
|