Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 8.5.

Support for ecdsa-signatures-256 and ecdsa-signatures-384 options added in Junos OS Release 12.1X45-D10.

ecdsa-signatures-521 option introduced in Junos OS Release 19.1R1 on SRX5000 line of devices with SRX5K-SPC3 card.


Specify the method the device uses to authenticate the source of Internet Key Exchange (IKE) messages. The pre-shared-keys option refers to a preshared key, which is a key for encryption and decryption that both participants must have before beginning tunnel negotiations. The other options refer to types of digital signatures, which are certificates that confirm the identity of the certificate holder.


The device does not delete existing IPsec SAs when you update the authentication-method configuration in the IKE proposal.


  • dsa-signatures—Specify that the Digital Signature Algorithm (DSA) is used.

  • ecdsa-signatures-256—Specify that the Elliptic Curve DSA (ECDSA) using the 256-bit elliptic curve secp256r1, as specified in the Federal Information Processing Standard (FIPS) Digital Signature Standard (DSS) 186-3, is used.

  • ecdsa-signatures-384—Specify that the ECDSA using the 384-bit elliptic curve secp384r1, as specified in the FIPS DSS 186-3, is used.

  • pre-shared-keys—Specify that a preshared key, which is a secret key shared between the two peers, is used during authentication to identify the peers to each other. The same key must be configured for each peer. This is the default method.

  • rsa-signatures—Specify that a public key algorithm, which supports encryption and digital signatures, is used.

  • ecdsa-signatures-521—Specify that the ECDSA using the 521-bit elliptic curve secp521r1 is used.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation