
Configuring Manual Security Associations

Manual SAs require no negotiation; all values, including the keys, are static and specified in the configuration. As a result, each peer must have the same configured options for communication to take place.

To configure a manual IPSec security association, include statements at the [edit services ipsec-vpn rule rule-name term term-name then manual] hierarchy level:

direction (inbound | outbound | bidirectional) {
    authentication {
        algorithm (hmac-md5-96 | hmac-sha1-96);
        key (ascii-text key | hexadecimal key);
    }
    auxiliary-spi auxiliary-spi-value;
    encryption {
        algorithm algorithm;
        key (ascii-text key | hexadecimal key);
    }
    protocol (ah | esp | bundle);
    spi spi-value;
}
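
Because nothing is negotiated, a mismatch between peers only shows up as traffic that fails to pass. The following Python check is an added example, not part of the original documentation: it parses the manual stanza from two peers and reports differing statements and authentication keys of the wrong length. The SPI and key values are constructed samples, keys are assumed to be unquoted, and the key lengths are the standard HMAC-MD5 (128-bit) and HMAC-SHA1 (160-bit) key sizes.

```python
import re

# Key length in bytes for each authentication algorithm listed on this page
# (standard HMAC-MD5 and HMAC-SHA1 key sizes).
AUTH_KEY_BYTES = {"hmac-md5-96": 16, "hmac-sha1-96": 20}

def parse_manual(text):
    """Flatten a manual SA stanza into {'path.to.statement': 'value'}."""
    settings, path = {}, []
    for m in re.finditer(r"([^{};]+)([{;])|\}", text):
        if m.group(1) is None:          # closing brace: leave the current block
            path.pop()
            continue
        words = m.group(1).split()
        if not words:
            continue
        if m.group(2) == "{":           # block opener, e.g. "direction bidirectional {"
            path.append(words[0])
            if len(words) > 1:
                settings[".".join(path)] = " ".join(words[1:])
        else:                           # leaf statement, e.g. "spi 400;"
            settings[".".join(path + [words[0]])] = " ".join(words[1:])
    return settings

def check_peers(a_text, b_text):
    """Return the problems that would stop two peers sharing a manual SA."""
    a, b = parse_manual(a_text), parse_manual(b_text)
    problems = [f"mismatch: {k}" for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)]
    for name, cfg in (("A", a), ("B", b)):
        algo = cfg.get("direction.authentication.algorithm")
        kind, _, key = cfg.get("direction.authentication.key", "").partition(" ")
        want = AUTH_KEY_BYTES.get(algo)
        have = len(key) // 2 if kind == "hexadecimal" else len(key)
        if want is not None and have != want:
            problems.append(f"peer {name}: {algo} key is {have} bytes, needs {want}")
    return problems

# Constructed sample stanzas: SPI and key values are placeholders, not real keys.
TEMPLATE = """direction bidirectional {
    authentication {
        algorithm hmac-sha1-96;
        key hexadecimal KEY;
    }
    protocol ah;
    spi SPI;
}"""
PEER_A = TEMPLATE.replace("KEY", "ab" * 20).replace("SPI", "400")
PEER_B = TEMPLATE.replace("KEY", "ab" * 16).replace("SPI", "401")

if __name__ == "__main__":
    print("\n".join(check_peers(PEER_A, PEER_B)))
```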

To configure manual SA statements, do the following:

