Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

  • Dynamic VPN Overview
  • Group VPN Overview
  • IPsec VPN Overview

proposal-set (Security IPsec)

Syntax

proposal-set (basic | compatible | prime-128 | prime-256 | standard | suiteb-gcm-128 | suiteb-gcm-256);

Hierarchy Level

[edit security ipsec policy policy-name]

Release Information

Statement introduced in Junos OS Release 10.4. Support for suiteb-gcm-128 and suiteb-gcm-256 options added in Junos OS Release 12.1X45-D10. Support for prime-128 and prime-256 options added in Junos OS Release 12.3X48-D20.

Description

Define a set of default IPsec proposals.

Options

basic

nopfs-esp-des-sha and nopfs-esp-des-md5.

compatible

nopfs-esp-3des-sha, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-des-md5.

prime-128

Provides the following proposal set:

  • Encapsulating Security Payload (ESP) protocol.
  • Encryption algorithm—Advanced Encryption Standard Galois/Counter mode (AES-GCM)128-bit.
  • Authentication algorithm—None (AES-GCM provides both encryption and authentication).

Note: This option is not supported on Group VPNs.

prime-256

Provides the following proposal set:

  • ESP protocol.
  • Encryption algorithm—AES-GCM 256-bit.
  • Authentication algorithm—None (AES-GCM provides both encryption and authentication).

Note: This option is not supported on Group VPNs.

standard

g2-esp-3des-sha and g2-esp-aes128-sha.

suiteb-gcm-128

Provides the following Suite B proposal set:

  • ESP protocol.
  • Encryption algorithm— AES-GCM 128-bit.
  • Authentication algorithm—None (AES-GCM provides both encryption and authentication).

Note: This option is not supported on Group VPNs.

suiteb-gcm-256

Provides the following Suite B proposal set:

  • ESP protocol.
  • Encryption algorithm—AES-GCM 256-bit.
  • Authentication algorithm—None (AES-GCM provides both encryption and authentication).

Note: This option is not supported on Group VPNs.

Note: Perfect Forward Secrecy setting in IPsec policy will override the settings in proposal-sets in Junos OS Release 10.4 and later.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation

  • Dynamic VPN Overview
  • Group VPN Overview
  • IPsec VPN Overview

Modified: 2016-05-01