[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring IPSec Actions

To configure IPSec actions, include the then statement at the [edit services ipsec-vpn rule rule-name term term-name] hierarchy level:




then {

backup-remote-gateway address;

clear-dont-fragment-bit;



dynamic {
ike-policy policy-name;
ipsec-policy policy-name;
}



initiate-dead-peer-detection;



manual {



direction (inbound | outbound |
bidirectional) {



authentication {
algorithm (hmac-md5-96 | hmac-sha1-96);
key (ascii-text key | hexadecimal key); 
}



auxiliary-spi spi-value;



encryption {
algorithm algorithm;
key (ascii-text key | hexadecimal key); 
}



protocol (ah | bundle | esp);

spi spi-value;
}


}



no-anti-replay;

remote-gateway address;

syslog;

tunnel-mtu bytes;
}

The principal IPSec actions are to configure a dynamic or manual SA:

You configure a dynamic SA by including the dynamic statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level and referencing policies you have configured at the [edit services ipsec-vpn ipsec] and [edit services ipsec-vpn ike] hierarchy levels; for more information, see Configuring Dynamic Security Associations.
You configure a manual SA by including the manual statement at the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy level; for more information, see Configuring Manual Security Associations.

You can configure the following additional properties:

[Contents] [Prev] [Next] [Index] [Report an Error]