[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an IKE Proposal

Dynamic SAs require IKE configuration. With dynamic SAs, you configure IKE first, and then the SA. IKE creates the dynamic SAs and negotiates them for IPSec. The IKE configuration defines the algorithms and keys used to establish the secure IKE connection with the peer security gateway.

You can configure one or more IKE proposals. Each proposal is a list of IKE attributes to protect the IKE connection between the IKE host and its peer.

To configure an IKE proposal, include the proposal statement and specify a name at the [edit services ipsec-vpn ike] hierarchy level:




proposal proposal-name {

authentication-algorithm (md5 | sha1 | sha-256);

authentication-method (dsa-signatures | pre-shared-key
| rsa-signatures);

dh-group (group1 | group2);

encryption-algorithm algorithm;

lifetime-seconds seconds;
}

This section includes the following topics:

Configuring an IKE Authentication Algorithm
Configuring an IKE Authentication Method
Configuring an IKE Diffie-Hellman Group
Configuring an IKE Encryption Algorithm
Configuring the Lifetime for an IKE SA
Example: Configuring an IKE Proposal

[Contents] [Prev] [Next] [Index] [Report an Error]