internal (Security IPsec)

Syntax

internal {security-association {manual encryption {iked_encryption enabledalgorithm 3des-cbc;key ascii-text key;}}
}

Hierarchy Level

[edit security ipsec internal-security-association]

Release Information

Statement introduced in Junos OS Release 12.1X45-D10.

Support for iked_encryption option added in Junos OS Release 12.1X47-D15.

Description

Enable secure login by configuring the internal IP security (IPsec) security association (SA). When the internal IPsec is configured, IPsec-based rlogin and remote command (rcmd) are enforced, so an attacker cannot gain unauthorized information.

Options

security-association

Specify an IPsec SA.

manual encryption

Specify a manual SA.

iked_encryption

Select the iked encryption option.

algorithm

Specify the encryption algorithm for the internal Routing-Engine-to-Routing-Engine IPsec SA configuration.

Note: Only the 3des-cbc encryption algorithm is supported.

key

Specify the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Related Documentation