Configuring Dynamic Security Associations

You configure dynamic SAs with a set of proposals that are negotiated by the security gateways. The keys are generated as part of the negotiation and therefore do not need to be specified in the configuration. The dynamic SA includes one or more proposals, which allow you to prioritize a list of protocols and algorithms to be negotiated with the peer.

To enable a dynamic SA, follow these steps:

  1. Configure Internet Key Exchange (IKE) proposals and IKE policies associated with these proposals.
  2. Configure IPSec proposals and an IPSec policy associated with these proposals.
  3. Associate an SA with an IPSec policy by configuring the dynamic statement.

For more information about IKE policies and proposals, see Configuring an IKE Policy and Configuring an IKE Proposal. For more information about IPSec policies and proposals, see Configuring an IPSec Policy.

To configure a dynamic SA, include the dynamic statement and specify an IPSec policy name at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level. The ike-policy statement is optional unless you use the preshared key authentication method.

    dynamic {
        ike-policy policy-name;
        ipsec-policy policy-name;
    }

Note: If you want to establish a dynamic SA, the attributes in at least one configured IPSec and IKE proposal must match those of its peer.
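The three steps above, shown together as one configuration. This is an added example, not part of the original documentation. All proposal, policy, rule, and term names, the addresses (documentation ranges), and the preshared key are placeholders, and the algorithm and Diffie-Hellman group values are assumptions that depend on what your software release and your peer support.

```junos
services {
    ipsec-vpn {
        /* Step 1: IKE proposal and the IKE policy that references it */
        ike {
            proposal ike-prop-example {
                authentication-method pre-shared-keys;
                dh-group group14;
                authentication-algorithm sha-256;
                encryption-algorithm aes-256-cbc;
            }
            policy ike-pol-example {
                mode main;
                proposals ike-prop-example;
                /* placeholder secret; must be identical on the peer */
                pre-shared-key ascii-text "REPLACE-WITH-SHARED-SECRET";
            }
        }
        /* Step 2: IPSec proposal and the IPSec policy that references it */
        ipsec {
            proposal ipsec-prop-example {
                protocol esp;
                authentication-algorithm hmac-sha-256-128;
                encryption-algorithm aes-256-cbc;
            }
            policy ipsec-pol-example {
                perfect-forward-secrecy {
                    keys group14;
                }
                proposals ipsec-prop-example;
            }
        }
        /* Step 3: associate the SA with the policies through dynamic */
        rule rule-example {
            term term-example {
                from {
                    source-address 192.0.2.0/25;
                    destination-address 198.51.100.0/24;
                }
                then {
                    remote-gateway 203.0.113.1;
                    dynamic {
                        /* required here because the proposal uses preshared keys */
                        ike-policy ike-pol-example;
                        ipsec-policy ipsec-pol-example;
                    }
                }
            }
            match-direction input;
        }
    }
}
```

The peer must carry at least one IKE proposal and one IPSec proposal with the same attributes as those shown, or the negotiation does not produce an SA.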