Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

proposal-set (Security IPsec)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 10.4. Support for suiteb-gcm-128 and suiteb-gcm-256 options added in Junos OS Release 12.1X45-D10. Support for prime-128 and prime-256 options added in Junos OS Release 15.1X49-D40.

Description

Define a set of default IPsec proposals.

Options

  • basic —nopfs-esp-des-sha and nopfs-esp-des-md5

  • compatible—nopfs-esp-3des-sha, nopfs-esp-3des-md5, nopfs-esp-des-sha, and nopfs-esp-des-md5

  • prime-128—Provides the following proposal set:

    • Encapsulating Security Payload (ESP) protocol

    • Encryption algorithm—Advanced Encryption Standard Galois/Counter mode (AES-GCM)128-bit

    • Authentication algorithm—None (AES-GCM provides both encryption and authentication)

    Note

    This option is not supported on Group VPNv2.

  • prime-256—Provides the following proposal set:

    • ESP protocol

    • Encryption algorithm—AES-GCM 256-bit

    • Authentication algorithm—None (AES-GCM provides both encryption and authentication)

    Note

    This option is not supported on Group VPNv2.

  • standard—g2-esp-3des-sha and g2-esp-aes128-sha

  • suiteb-gcm-128—Provides the following proposal set:

    • ESP protocol

    • Encryption algorithm—AES-GCM 128-bit

    • Authentication algorithm—None (AES-GCM provides both encryption and authentication)

    Note

    This option is not supported on Group VPNv2.

  • suiteb-gcm-256—Provides the following proposal set:

    • ESP protocol

    • Encryption algorithm—AES-GCM 256-bit

    • Authentication algorithm—None (AES-GCM provides both encryption and authentication)

    Note

    This option is not supported on Group VPNv2.

Note

The Perfect Forward Secrecy setting in IPsec policy overrides the settings in proposal sets.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation