[Contents] [Prev] [Next] [Index] [Report an Error]

Default IKE and IPSec Proposals

The software includes implicit default IKE and IPSec proposals to match the proposals sent by the dynamic peers. The values are shown in Table 15; if more than one value is shown, the first value is the default. For more information on IKE proposals, see Configuring an IKE Proposal; for more information on IPSec proposals, see Configuring an IPSec Proposal.

Note: RSA certificates are not supported with dynamic endpoint configuration.

Table 15: Default IKE and IPSec Proposals for Dynamic Negotiations

Statement Name

Values
Implicit IKE Proposal

authentication-method

pre-shared keys

dh-group

group1, group2

authentication-algorithm

sha1, md5, sha-256

encryption-algorithm

3des-cbc, des-cbc, aes-128, aes-192, aes-256

lifetime-seconds

3600 seconds
Implicit IPSec Proposal

protocol

esp, ah, bundle

authentication-algorithm

hmac-sha1-96, hmac-md5-96

encryption-algorithm

3des-cbc, des-cbc, aes-128, aes-192, aes-256

lifetime-seconds

28,800 seconds (8 hours)
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.