 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
Dynamic SAs require IKE configuration. The IKE configuration defines the algorithms and keys used to establish the secure IKE connection with the peer security gateway.
You can configure one or more IKE proposals. Each proposal is a list of IKE attributes to protect the IKE connection between the IKE host and its peer.
To configure an IKE proposal and define its properties, include the following statements at the [edit security ike] hierarchy level:
- [edit security ike]
-
proposal ike-proposal-name {
-
authentication-algorithm (md5 | sha1);
-
authentication-method (dsa-signatures | pre-shared-keys
| rsa-signatures);
-
description description ;
-
dh-group (group1 | group2);
-
encryption-algorithm (3des-cbc | des-cbc |
ase-128-cbc | ase-192-cbc | ase-256-cbc);
-
lifetime-seconds seconds;
- }
For information about associating an IKE proposal with an IKE policy, see Associating Proposals with an IKE Policy.
This section discusses the following topics:
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |