Configure IPSec Services
To configure Internet Protocol Security (IPSec) services, include the following statements at the [edit services ipsec-vpn] hierarchy level of the configuration:

    [edit services ipsec-vpn]
    ike {
        proposal proposal-name {
            authentication-algorithm (md5 | sha1);
            authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
            description description;
            dh-group (group1 | group2);
            encryption-algorithm (3des-cbc | des-cbc);
            lifetime-seconds seconds;
        }
        policy policy-name {
            description description;
            local-id {
                fqdn [values];
                ipv4_addr [values];
                key_id [values];
            }
            mode (aggressive | main);
            pre-shared-key (ascii-text key | hexadecimal key);
            proposals [proposal-names];
            remote-id {
                fqdn [values];
                ipv4_addr [values];
                key_id [values];
            }
        }
    }
    ipsec {
        proposal proposal-name {
            authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
            description description;
            encryption-algorithm (3des-cbc | des-cbc);
            lifetime-seconds seconds;
            protocol (ah | esp | bundle);
        }
        policy policy-name {
            description description;
            perfect-forward-secrecy {
                keys (group1 | group2);
            }
            proposals [proposal-names];
        }
    }
    rule rule-name {
        match-direction (input | output);
        term term-name {
            from {
                destination-address address;
                source-address address;
            }
            then {
                dynamic {
                    ike-policy policy-name;
                    ipsec-policy policy-name;
                }
                manual {
                    direction (inbound | outbound | bidirectional) {
                        authentication {
                            algorithm (hmac-md5-96 | hmac-sha1-96);
                            key (ascii-text key | hexadecimal key);
                        }
                        auxiliary-spi spi-value;
                        encryption {
                            algorithm (des-cbc | 3des-cbc);
                            key (ascii-text key | hexadecimal key);
                        }
                        protocol (ah | bundle | esp);
                        spi spi-value;
                    }
                }
                clear-dont-fragment-bit;
                no-anti-replay;
                remote-gateway address;
                syslog;
            }
        }
    }
    rule-set rule-set-name {
        [ rule rule-names ];
    }
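As an added example (not from the original page or from the vendor), the following Python script audits a configuration written in this hierarchy and reports each place where the weaker of the listed options was selected: des-cbc, md5 or hmac-md5-96, group1, aggressive mode, and no-anti-replay. The weakness classification is an assessment added here, and the sample configuration and its names (ike-prop-a, ike-pol-a, rule-a, t1) are constructed.

```python
# Weaker option among the choices each statement offers (assessment added here).
WEAK = {
    "encryption-algorithm": {"des-cbc"},
    "authentication-algorithm": {"md5", "hmac-md5-96"},
    "algorithm": {"des-cbc", "hmac-md5-96"},   # manual SA blocks
    "dh-group": {"group1"},
    "keys": {"group1"},                        # perfect-forward-secrecy
    "mode": {"aggressive"},
}
FLAGS = {"no-anti-replay"}  # bare statement that disables replay protection

def audit(config):
    """Return (hierarchy path, statement) for each weak selection."""
    findings, path = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            path.append(line[:-1].strip())      # enter a block
        elif line == "}":
            path.pop()                          # leave a block
        elif line.endswith(";"):
            words = line[:-1].split()
            weak = set(words[1:2]) & WEAK.get(words[0], set()) if words else set()
            if words and (words[0] in FLAGS or weak):
                findings.append((" > ".join(path), line[:-1]))
    return findings

# Constructed sample, one statement per line with braces as shown above.
SAMPLE = """
ike {
    proposal ike-prop-a {
        authentication-algorithm md5;
        dh-group group2;
        encryption-algorithm des-cbc;
    }
    policy ike-pol-a {
        mode aggressive;
    }
}
rule rule-a {
    term t1 {
        then {
            no-anti-replay;
        }
    }
}
"""

if __name__ == "__main__":
    for where, stmt in audit(SAMPLE):
        print(f"{where}: {stmt}")
```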