The direction statement specifies inbound or outbound IPSec processing. If you want to define different algorithms, keys, or security parameter index (SPI) values for each direction, you configure the inbound and outbound options. If you want the same attributes in both directions, use the bidirectional option.
To configure the direction of IPSec processing, include the direction statement at the [edit services ipsec-vpn rule rule-name term term-name then manual] hierarchy level:
    direction (inbound | outbound | bidirectional) {
        ...
    }
Define different algorithms, keys, and security parameter index values for each direction:
    [edit services ipsec-vpn rule rule-name term term-name then manual]
    direction inbound {
        protocol esp;
        spi 16384;
        encryption {
            algorithm 3des-cbc;
            key ascii-text 234567890123456789012345;
        }
    }
    direction outbound {
        protocol esp;
        spi 24576;
        encryption {
            algorithm 3des-cbc;
            key ascii-text 12345678901234567890abcd;
        }
    }
Define one set of algorithms, keys, and security parameter index values that is valid in both directions:
    [edit services ipsec-vpn rule rule-name term term-name then manual]
    direction bidirectional {
        protocol ah;
        spi 20001;
        authentication {
            algorithm hmac-md5-96;
            key ascii-text 123456789012abcd;
        }
    }
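A pre-commit check for the per-direction and bidirectional stanzas above, added here as an example (it is not Juniper's code or part of the original page): it parses `direction` blocks and reports a missing direction or an `ascii-text` key whose length does not match the algorithm. The function names, the `KEY_CHARS` table (derived from the algorithms' key sizes) and the sample stanza are assumptions made for this example.

```python
import re

# ASCII key lengths implied by each algorithm's key size (assumed table, not from the page).
KEY_CHARS = {"des-cbc": 8, "3des-cbc": 24, "hmac-md5-96": 16, "hmac-sha1-96": 20}

def parse_directions(text):
    """Return {direction: {"spi": int, "keys": [(algorithm, key), ...]}}."""
    sas, cur, depth, alg = {}, None, 0, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"direction (inbound|outbound|bidirectional) \{$", line)
        if m:
            cur, depth = sas.setdefault(m.group(1), {"spi": None, "keys": []}), 1
        elif cur is None:
            continue
        elif line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            cur = cur if depth else None  # depth 0 means the direction block closed
        elif m := re.match(r"spi (\d+);$", line):
            cur["spi"] = int(m.group(1))
        elif m := re.match(r"algorithm (\S+);$", line):
            alg = m.group(1)
        elif m := re.match(r"key ascii-text (\S+);$", line):
            cur["keys"].append((alg, m.group(1)))
    return sas

def lint_manual_sa(text):
    """List problems that would leave the manual SA unusable in one direction."""
    sas = parse_directions(text)
    needed = () if "bidirectional" in sas else ("inbound", "outbound")
    findings = [f"no {d} direction defined" for d in needed if d not in sas]
    for d, sa in sas.items():
        for alg, key in sa["keys"]:
            want = KEY_CHARS.get(alg)
            if want is not None and len(key) != want:
                findings.append(f"{d}: {alg} key has {len(key)} characters, needs {want}")
    return findings

# Constructed sample: no outbound block, and the inbound key is one character short.
SAMPLE = """
direction inbound {
    spi 16384;
    encryption {
        algorithm 3des-cbc;
        key ascii-text 23456789012345678901234;
    }
}
"""
```

Calling `lint_manual_sa(SAMPLE)` returns two findings: the missing outbound direction and the 23-character 3des-cbc key.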