Help Center User GuideGetting Started
 
X
User Guide
Getting Started
Contents  

Add a Proposal

You are here: Configure > Security Services > IPSec VPN > IKE (Phase II).

Procedure

To add a proposal:

  1. Click the add icon (+) on the upper right side of the proposal tab of IKE (Phase II) page.

    The Add Proposal page appears.

  2. Complete the configuration according to the guidelines provided in Table 268.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 268: Fields on the Add Proposal Page

Field

Action

Name

Enter a name of the Phase II proposal.

Description

Enter a text description for the Phase II proposal.

Authentication Algorithm

Select an option from the list for authenticating packet data:

  • none

  • hmac-md5-96—Produces a 128-bit digest.

  • hmac-sha1-96—Produces a 160-bit digest.

  • hmac-sha-256-128—Produces a 256-bit digest.

  • hmac-sha-512—Starting in Junos OS Release 19.1R1, this option is supported. Produces a 512-bit digest.

  • hmac-sha-384—Starting in Junos OS Release 19.1R1, this option is supported. Produces a 384-bit digest.

Note: Starting in Junos OS Release 19.1R1, the new Authentication algorithm SRX5000 Series devices with SPC3 card upon installation of junos-ike package only. To install junos-ike package from J-Web, navigate to Configure > Security Services > IPsec VPN > Global Settings and click Install.

Encryption Algorithm

Select an option from the list of IKE encryption algorithm.

  • 3des-cbc—3DES-CBC encryption algorithm.

  • aes-128-cbc—AES-CBC 128-bit encryption algorithm.

  • aes-192-cbc—AES-CBC 192-bit encryption algorithm.

  • aes-256-cbc—AES-CBC 256-bit encryption algorithm.

  • des-cbc—DES-CBC encryption algorithm.

  • aes-128-gcm—AES-GCM128-bit encryption algorithm.

  • aes-256-gcm—AES-GCM256-bit encryption algorithm.

Lifetime Kilobytes

Enter a value from 64 through 1,048,576 bytes to specify the lifetime of an IPSec SA.

The SA is terminated when the specified number of kilobytes of traffic has passed.

Lifetime Seconds Protocol

Enter a value from 180 through 86,400 seconds to specify the lifetime of an IKE SA. When the SA expires, it is replaced by a new SA and SPI or is terminated.

Protocol

Specifies the networking protocol name.

Select a protocol from the list:

  • none

  • ah—IP Security Authentication Header

  • esp—IPsec Encapsulating Security Payload

Note: When this IPSec proposal is configured for Dynamic VPN, select esp for protocol.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit