authentication (Security IPsec)

Syntax

authentication {algorithm (hmac-md5-96 | hmac-sha-256-128 | hmac-sha-256-96 | hmac-sha1-96); key (ascii-text key | hexadecimal key );}

Hierarchy Level

[edit security ipsec vpn vpn-name manual]

Release Information

Statement modified in Junos OS Release 8.5. Support for hmac-sha-256-128 added to high-end SRX Series devices in Junos OS Release 12.1X46-D20.

Description

Configure IPsec authentication parameters for a manual security association. This statement is not supported on dynamic VPN implementations.

Options

algorithm

Hash algorithm that authenticates packet data. It can be one of the following:

  • hmac-md5-96—Produce a 128-bit digest.
  • hmac-sha-256-128—Produce a 256-bit digest, truncated to 128 bits.
  • hmac-sha-256-96—Produce a 256-bit digest, truncated to 96 bits. This option is not supported on high-end SRX Series devices.
  • hmac-sha1-96—Produce a 160-bit digest.
key

Type of authentication key. It can be one of the following:

  • ascii-text key—ASCII text key. For hmac-md5-96, the key is 16 ASCII characters; for hmac-sha1-96, the key is 20 ASCII characters.
  • hexadecimal key—Hexadecimal key. For hmac-md5-96, the key is 32 hexadecimal characters; for hmac-sha1-96, the key is 40 hexadecimal characters.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation