IPV4 over IPV6 remote access XAuth



  • Hi ALL,

    I am trying to set up a remote-access XAuth IPv6 tunnel on a 5GT running the 5.3.0 release. I want to set up an IPv6 tunnel and send IPv4 data through it. The network is built on simple Ethernet switches. I am trying to set up a route-based VPN. If anybody has a sample config, please help me out. It is getting difficult to configure the V6 and V4 combinations together. I am OK with policy-based VPNs too, as long as I can send IPv4 data through IPv6 remote-access tunnels. I am running version 5.3.0.

    -Regards
    Bob

    Network Diagram

    Client
    ------
    4FFE::0200:FF:FE00:1
      |
    Juniper DUT
    untrust: 4ffe::200:ff:fe00:2/64 === trust: 10.48.123.2 ----------> 10.48.123.10 (server)

    I am using routing mode on both the trust and untrust interfaces. When the client tries to connect, the DUT logs the following:

    Rejected an IKE packet on untrust from 4ffe::200:ff:fe00:1:500 to 4ffe::200:ff:fe00:2:500 with cookies 906bda9f0343993d and 7a1e61b35b8dfa9b because there were no acceptable Phase 1 proposals.
    2005-12-21 19:40:14 info IKE<4ffe::200:ff:fe00:1> Phase 1: Responder starts AGGRESSIVE mode negotiations

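    Here is the relevant part of my config. Note that the IKE gateway below is configured for Main mode with a single Phase 1 proposal, pre-g1-des-md5 (preshared key, DH group 1, DES, MD5), while the log above shows the responder starting Aggressive mode negotiations.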

    set interface “trust” zone "Trust"
    set interface “untrust” zone "Untrust"
    set interface “tunnel.1” zone "Untrust"
    set interface “tunnel.2” zone "Untrust"
    unset interface vlan1 ip
    set interface trust ip 10.48.123.2/24
    set interface trust route
    set interface untrust ip 10.48.122.2/24
    set interface “untrust” ipv6 mode "router"
    set interface “untrust” ipv6 ip 4ffe::200:ff:fe00:2/64
    set interface “untrust” ipv6 enable
    set interface untrust route
    set interface tunnel.2 ip unnumbered interface untrust
    set interface “tunnel.2” ipv6 mode "host"
    set interface “tunnel.2” ipv6 enable
    set interface tunnel.2 mtu 1500
    set interface trust manage-ip 10.48.123.3
    unset interface trust ip manageable
    set interface untrust ip manageable
    set interface untrust manage ping
    set interface untrust ipv6 ra link-address
    set interface untrust ipv6 nd nud
    set interface tunnel.2 ipv6 nd nud
    set interface tunnel.2 ipv6 nd dad-count 0
    set flow tcp-mss
    unset flow tcp-syn-check
    set hostname ns5gt
    set pki authority default scep mode "auto"
    set pki x509 default cert-path partial
    set address Trust “10.48.123.0/24” 10.48.123.0 255.255.255.0
    set address Untrust “10.48.122.0/24” 10.48.122.0 255.255.255.0
    set ippool “p1” 10.48.123.30 10.48.123.40
    set ippool “p2” 10.48.124.30 10.48.124.40
    set user “user1” uid 3
    set user “user1” ike-id fqdn “ISAKMPIDV6” share-limit 1
    set user “user1” type ike xauth
    set user “user1” password "GHS8r114NluQA5s7nCCDbq66qcnQQFMWng=="
    unset user “user1” type auth
    set user “user1” "enable"
    set ike gateway “av6-1” dialup “user1” Main outgoing-interface “untrust” local-address “4ffe::200:ff:fe00:2” preshare “I3F/tPuFNlty/WsKolCvLaT1CRnBO8t5Vg==” proposal "pre-g1-des-md5"
    unset ike gateway “av6-1” nat-traversal
    set ike respond-bad-spi 1
    set xauth default ippool "p2"
    set xauth server config-after-auth
    set vpn “av6-2” gateway “av6-1” no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5"
    set vpn “av6-2” id 5 bind interface tunnel.2
    set policy id 1 from “Untrust” to “Trust” “Any-IPv4” “Any-IPv4” “ANY” permit
    set policy id 1
    set policy id 2 from “Trust” to “Untrust” “Any-IPv4” “Any-IPv4” “ANY” permit
    set policy id 2
    set policy id 3 from “Untrust” to “Trust” “Any-IPv6” “Any-IPv6” “ANY” permit
    set policy id 3
    set policy id 4 from “Trust” to “Untrust” “Any-IPv6” “Any-IPv6” “ANY” permit
    set policy id 4
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset add-default-route
    set route 0.0.0.0/0 interface trust gateway 10.48.123.1
    set route 0.0.0.0/0 interface tunnel.1
    set route ::/0 interface tunnel.2 gateway :: preference 20
    exit
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    exit


 
