Add a Proposal
You are here: VPN > IKE (Phase I).
- Click the add icon (+) on the upper right side of the Proposal tab of the IKE (Phase I) page. The Add Proposal page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Proposal Page
| Field | Action |
|---|---|
| IKE Proposal | |
| Name | Enter a name for the proposal. |
| Authentication Algorithm | Specifies the AH algorithm that the device uses to verify the authenticity and integrity of a packet. Select a hash algorithm from the list:<br>md5: Produces a 128-bit digest.<br>sha1: Produces a 160-bit digest.<br>sha-256: Produces a 256-bit digest. Note: The sha-256 authentication algorithm is not supported with the dynamic VPN feature.<br>sha-384: Produces a 384-bit digest.<br>sha-512: Starting in Junos OS Release 19.1R1, this option is supported. Produces a 512-bit digest. |
| Authentication Method | Specifies the method the device uses to authenticate the source of IKE messages. Select an option from the list:<br>pre-shared-key: Key for encryption and decryption that both participants must have before beginning tunnel negotiations.<br>rsa-key: Kinds of digital signatures, which are certificates that confirm the identity of the certificate holder.<br>dsa-signatures: Specifies the Digital Signature Algorithm (DSA).<br>ecdsa-signatures-256: The Elliptic Curve DSA (ECDSA) using the 256-bit elliptic curve secp256r1, as specified in the Federal Information Processing Standard (FIPS) Digital Signature Standard (DSS) 186-3.<br>ecdsa-signatures-384: The ECDSA using the 384-bit elliptic curve secp384r1, as specified in the FIPS DSS 186-3. |
| Description | Enter a brief description of the IKE proposal. |
| DH Group | Specifies the Diffie-Hellman group. The DH exchange allows participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection. Select a group from the list:<br>None<br>group1<br>group2<br>group5<br>group14<br>group19<br>group20<br>group24<br>group15: Starting in Junos OS Release 19.1R1, this option is supported.<br>group16: Starting in Junos OS Release 19.1R1, this option is supported.<br>group21: Starting in Junos OS Release 19.1R1, this option is supported.<br>If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals. |
| Encryption Algorithm | Specifies the supported Internet Key Exchange (IKE) proposals. Select an encryption algorithm from the list:<br>3des-cbc: 3DES-CBC encryption algorithm.<br>aes-128-cbc: AES-CBC 128-bit encryption algorithm.<br>aes-192-cbc: AES-CBC 192-bit encryption algorithm.<br>aes-256-cbc: AES-CBC 256-bit encryption algorithm.<br>des-cbc: DES-CBC encryption algorithm.<br>aes-128-gcm: AES-GCM 128-bit encryption algorithm.<br>aes-256-gcm: AES-GCM 256-bit encryption algorithm. |
| Lifetime seconds | Select a lifetime for the IKE SA. Default: 3,600 seconds. Range: 180 through 86,400 seconds. When the SA expires, it is replaced by a new SA and SPI or is terminated. |
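
The limits in Table 1 (the lifetime range, the shared DH group across up to four proposals, the 19.1R1 options, and the sha-256 restriction with dynamic VPN) can be checked before the values are entered. The following Python is an added example, not part of the original page or of any Juniper tool; the proposal dict layout and the names lint_proposals, release_key, BASE, and SAMPLE are assumptions made for illustration.

```python
# Added example: lint IKE Phase 1 proposals against the limits stated in Table 1.
# The dict layout and all names here are hypothetical, not a Junos or J-Web API.
import re
ALLOWED = {
    "auth_alg": {"md5", "sha1", "sha-256", "sha-384", "sha-512"},
    "auth_method": {"pre-shared-key", "rsa-key", "dsa-signatures",
                    "ecdsa-signatures-256", "ecdsa-signatures-384"},
    "dh_group": {"None", "group1", "group2", "group5", "group14", "group15",
                 "group16", "group19", "group20", "group21", "group24"},
    "enc_alg": {"3des-cbc", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc",
                "des-cbc", "aes-128-gcm", "aes-256-gcm"},
}
# Options the table marks as supported starting in Junos OS Release 19.1R1.
NEEDS_19_1R1 = {"auth_alg": {"sha-512"}, "dh_group": {"group15", "group16", "group21"}}
def release_key(release):
    """Reduce a release string such as '18.4R3' to (18, 4) for comparison."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognized release string: {release!r}")
    return int(m.group(1)), int(m.group(2))

def lint_proposals(proposals, junos_release, dynamic_vpn=False):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    pre_19_1 = release_key(junos_release) < (19, 1)
    if len(proposals) > 4:
        findings.append("more than four Phase 1 proposals configured")
    groups = sorted({p["dh_group"] for p in proposals})
    if len(groups) > 1:
        findings.append(f"proposals use different DH groups: {groups}")
    for p in proposals:
        for field, allowed in ALLOWED.items():
            if p[field] not in allowed:
                findings.append(f"{p['name']}: {field} {p[field]!r} is not in the list")
            elif pre_19_1 and p[field] in NEEDS_19_1R1.get(field, ()):
                findings.append(f"{p['name']}: {p[field]} requires 19.1R1 or later")
        if dynamic_vpn and p["auth_alg"] == "sha-256":
            findings.append(f"{p['name']}: sha-256 is not supported with dynamic VPN")
        if not 180 <= p.get("lifetime", 3600) <= 86400:  # default is 3,600 seconds
            findings.append(f"{p['name']}: lifetime outside 180 through 86,400 seconds")
    return findings
# Constructed sample input (not taken from a real device).
BASE = {"auth_method": "pre-shared-key", "enc_alg": "aes-256-cbc"}
SAMPLE = [
    {**BASE, "name": "p1-a", "auth_alg": "sha-512", "dh_group": "group14", "lifetime": 3600},
    {**BASE, "name": "p1-b", "auth_alg": "sha-256", "dh_group": "group19", "lifetime": 120},
]
if __name__ == "__main__":
    print("\n".join(lint_proposals(SAMPLE, "18.4R3", dynamic_vpn=True)))
```
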