

[edit security] Hierarchy Level

# Statement summary for the [edit security] hierarchy: certificate handling,
# IKE policies and proposals, and IPsec policies, proposals and security
# associations (SAs). Lowercase placeholders (ca-profile-name, seconds, key, ...)
# stand for user-supplied values; (a | b) lists the accepted keywords; angle
# brackets mark optional items.
security {
    certificates {
        cache-size bytes;
        cache-timeout-negative seconds;
        certification-authority ca-profile-name {
            ca-name certificate-authority-name;
            # Certificate revocation list file. Revocation checking is only as
            # good as the freshness of this file.
            crl file-name;
            encoding (binary | pem);
            enrollment-url url-name;
            file certificate-filename;
            ldap-url url-name;
        }
        enrollment-retry number;
        local certificate-filename;
        maximum-certificates number;
        path-length bytes; 
    }
    ike {
        policy ike-peer-address {
            description policy-description;
            encoding (binary | pem);
            identity identity-name;
            local certificate-filename;
            # File holding the private/public key pair; the private half must
            # stay readable only by the router's administrators.
            local-key-pair private-public-key-file;
            # Main mode protects the peers' identities. Aggressive mode sends
            # them in the clear and, with pre-shared keys, exposes a hash that
            # can be tested offline against key guesses. Prefer main unless the
            # peer requires aggressive.
            mode (aggressive | main);
            # Shared secret for the pre-shared-keys authentication method. Use a
            # long random value, and treat configuration backups that contain
            # it as sensitive.
            pre-shared-key (ascii-text key | hexadecimal key);
            proposals [ proposal-names ];
        }
        proposal ike-proposal-name {
            # Only md5 and sha1 are listed; sha1 is the stronger of the two.
            authentication-algorithm (md5 | sha1);
            authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures); 
            # group1 is the 768-bit and group2 the 1024-bit MODP Diffie-Hellman
            # group; group2 is the stronger of the two listed.
            dh-group (group1 | group2);
            # des-cbc uses a 56-bit key, which is within reach of brute force;
            # prefer 3des-cbc of the two listed.
            encryption-algorithm (3des-cbc | des-cbc);
            # Lifetime of the IKE SA; a shorter lifetime limits how much
            # traffic is protected by any one key.
            lifetime-seconds seconds; 
        }
    }
    ipsec {
        # NOTE(review): presumably the SA for router-internal communication;
        # confirm on the statement's own reference page. Only a manual SA with
        # ESP, 3des-cbc and an ascii-text key is listed. No authentication
        # block appears here; ESP encryption without integrity protection does
        # not detect tampering. Confirm whether one can be configured.
        internal { 

            security-association {

                manual { 

                    direction (bidirectional | inbound | outbound) { 

                        protocol esp;

                        spi spi-value;

                        encryption {

                            algorithm 3des-cbc;

                            # Static key with no automatic rekeying; choose a
                            # high-entropy string and rotate it by hand.
                            key ascii-text ascii-text-string;

                        }

                    }

                }

            }

        }
        policy ipsec-policy-name {
            # Runs a fresh Diffie-Hellman exchange for the IPsec keys, so a
            # later compromise of the IKE keys does not expose them. group2
            # (1024-bit) is the stronger of the two listed.
            perfect-forward-secrecy {
                keys (group1 | group2); 
            }
            proposals [ proposal-names ];
        }
        proposal ipsec-proposal-name {
            authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
            # des-cbc uses a 56-bit key; prefer 3des-cbc of the two listed.
            encryption-algorithm (3des-cbc | des-cbc);
            lifetime-seconds seconds; 
            # ah authenticates packets but does not encrypt them; esp can
            # encrypt; bundle applies both AH and ESP.
            protocol (ah | esp | bundle);
        }
        security-association name {
            dynamic {
                # NOTE(review): 32 | 64 look like anti-replay window sizes; the
                # keyword printed here may be a documentation slip. Confirm
                # against the dynamic statement's reference page.
                <security-association (32 | 64)>;
                ipsec-policy policy-name;
            }
            # Manual SA: keys and SPIs stay fixed until changed by hand, with
            # no automatic rekeying, and both peers must be configured with
            # matching values. Prefer a dynamic (IKE-negotiated) SA where the
            # peer supports it.
            manual {
                # NOTE(review): "(JUNOS)" looks like a cross-reference label
                # carried over from the documentation, not a keyword. Note also
                # that this summary spells the option "bi-directional" here and
                # "bidirectional" under ipsec internal; confirm the accepted
                # spelling.
                direction (JUNOS) (inbound | outbound | bi-directional) {
                    authentication {
                        algorithm (hmac-md5-96 | hmac-sha1-96);
                        # A hexadecimal key from a random source avoids the low
                        # entropy of a human-chosen ascii-text string.
                        key (ascii-text key | hexadecimal key);
                    }
                    # NOTE(review): presumably the second SPI needed when
                    # protocol is bundle; confirm.
                    auxiliary-spi auxiliary-spi-value;
                    encryption {
                        algorithm (des-cbc | 3des-cbc);
                        key (ascii-text key | hexadecimal key);
                    }
                    protocol (ah | esp | bundle);
                    spi spi-value;
                }
            }
            # tunnel encapsulates the whole IP packet; transport protects the
            # payload between the two endpoints.
            mode (tunnel | transport); 
            # Debug tracing; flag all enables every category. Bound the output
            # with files/size, restrict who can read the trace file, and turn
            # tracing off once troubleshooting is done.
            traceoptions {
                file <files number> <size size>;
                flag all;
                flag database;
                flag general;
                flag ike;
                flag parse;
                flag policy-manager;
                flag routing-socket;
                flag timer;
            }
        }
    }
} # End of [edit security] hierarchy level 
