
Considering General IPSec Issues

Before you configure IPSec, it is helpful to understand some general guidelines.

Table 52: Comparison of IPSec Configuration Statements and Operational Mode Commands for the AS and MultiServices PICs and ES PIC

| AS and MultiServices PICs Statements and Commands | ES PIC Statements and Commands |
|---|---|
| Configuration Mode Statements | |
| [edit service-set name] | |
| [edit services ipsec-vpn ike] • policy {...} • proposal {...} | [edit security ike] • policy {...} • proposal {...} |
| [edit services ipsec-vpn ipsec] • policy {...} • proposal {...} | [edit security ipsec] • policy {...} • proposal {...} |
| [edit services ipsec-vpn rule rule-name] • remote-gateway address | [edit interface es-fpc/pic/port] • tunnel destination address |
| [edit services ipsec-vpn rule rule-name term term-name] • from match-conditions {...} then dynamic {...} • from match-conditions {...} then manual {...} | [edit security ipsec] • security-association name dynamic {...} • security-association name manual {...} |
| [edit services ipsec-vpn rule-set] | |
| [edit services service-set ipsec-vpn] • local-gateway address | [edit interface es-fpc/pic/port] • tunnel source address |
| Operational Mode Commands | |
| clear security pki ca-certificate | |
| clear security pki certificate-request | |
| clear security pki local-certificate | |
| clear services ipsec-vpn certificates | |
| request security pki ca-certificate enroll | request security certificate (unsigned) |
| request security pki ca-certificate load | request system certificate add |
| request security pki generate-certificate-request | |
| request security pki generate-key-pair | request security key-pair |
| request security pki local-certificate enroll | request security certificate (signed) |
| request security pki local-certificate load | request system certificate add |
| show security pki ca-certificate | show system certificate |
| show security pki certificate-request | |
| show security pki crl | |
| show security pki local-certificate | show system certificate |
| show services ipsec-vpn certificates | show ipsec certificates |
| show services ipsec-vpn ike security-associations | show ike security-associations |
| show services ipsec-vpn ipsec security-associations | show ipsec security-associations |

Table 53: Authentication and Encryption Key Lengths

 

| | Number of Hexadecimal Characters | Number of ASCII Characters |
|---|---|---|
| Authentication | | |
| HMAC-MD5-96 | 32 | 16 |
| HMAC-SHA1-96 | 40 | 20 |
| Encryption | | |
| AES-128-CBC | 16 | 32 |
| AES-192-CBC | 24 | 48 |
| AES-256-CBC | 32 | 64 |
| DES-CBC | 16 | 8 |
| 3DES-CBC | 48 | 24 |

Table 54: Weak and Semiweak Keys

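| Weak Keys | | | |
|---|---|---|---|
| 0101 | 0101 | 0101 | 0101 |
| 1F1F | 1F1F | 1F1F | 1F1F |
| E0E0 | E0E0 | E0E0 | E0E0 |
| FEFE | FEFE | FEFE | FEFE |
| Semiweak Keys | | | |
| 01FE | 01FE | 01FE | 01FE |
| 1FE0 | 1FE0 | 0EF1 | 0EF1 |
| 01E0 | 01E0 | 01F1 | 01F1 |
| 1FFE | 1FFE | 0EFE | 0EFE |
| 011F | 011F | 010E | 010E |
| E0FE | E0FE | F1FE | F1FE |
| FE01 | FE01 | FE01 | FE01 |
| E01F | E01F | F10E | F10E |
| E001 | E001 | F101 | F101 |
| FEF1 | FEF1 | FE0E | FE0E |
| 1F01 | 1F01 | 0E01 | 0E01 |
| FEE0 | FEE0 | FEF1 | FEF1 |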
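As an added example (not Juniper code), the following check screens a hexadecimal manual SA key before it is committed, using the DES-CBC and 3DES-CBC lengths from Table 53 and the weak and semiweak keys exactly as printed in Table 54. The function names, the parity-bit masking, and the repeated-block test for 3DES are assumptions of this example, not behavior documented on this page.

```python
import re

# Hex key lengths for the DES family, from Table 53.
EXPECTED_HEX_LEN = {"des-cbc": 16, "3des-cbc": 48}

# Weak and semiweak keys transcribed from Table 54 as printed on this page.
TABLE_54 = """
0101010101010101 1F1F1F1F1F1F1F1F E0E0E0E0E0E0E0E0 FEFEFEFEFEFEFEFE
01FE01FE01FE01FE 1FE01FE00EF10EF1 01E001E001F101F1 1FFE1FFE0EFE0EFE
011F011F010E010E E0FEE0FEF1FEF1FE FE01FE01FE01FE01 E01FE01FF10EF10E
E001E001F101F101 FEF1FEF1FE0EFE0E 1F011F010E010E01 FEE0FEE0FEF1FEF1
""".split()


def strip_parity(block: bytes) -> bytes:
    """DES ignores the low-order (parity) bit of each key byte, so clear it
    before comparing: keys that differ only in parity are the same key."""
    return bytes(b & 0xFE for b in block)


DENY = {strip_parity(bytes.fromhex(k)) for k in TABLE_54}


def check_manual_key(algorithm: str, hex_key: str) -> list:
    """Return a list of problems; an empty list means the key passed."""
    want = EXPECTED_HEX_LEN.get(algorithm)
    if want is None:
        return [f"unsupported algorithm {algorithm!r}"]
    if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % want, hex_key):
        return [f"{algorithm} key must be exactly {want} hexadecimal characters"]
    key = bytes.fromhex(hex_key)
    # 3DES is three 8-byte DES keys back to back; screen each one separately.
    blocks = [strip_parity(key[i:i + 8]) for i in range(0, len(key), 8)]
    problems = []
    for n, block in enumerate(blocks, start=1):
        if block in DENY:
            problems.append(f"DES key block {n} is a weak or semiweak key")
    # Assumption beyond the page: if adjacent blocks are equal, the middle
    # decrypt cancels an encrypt and 3DES collapses to single DES.
    if len(blocks) == 3 and (blocks[0] == blocks[1] or blocks[1] == blocks[2]):
        problems.append("3DES key blocks repeat, reducing strength to single DES")
    return problems
```

Masking the parity bit means a key such as 0000000000000000 is rejected along with 0101010101010101, because DES treats them as the same key.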

Keep in mind the following limitations of IPSec services on the AS PIC:

