To configure an IPSec SA for internal, Routing-Engine-to-Routing-Engine communication, include the following statements at the [edit security] hierarchy level:
    [edit security]
    ipsec {
        internal {
            security-association {
                manual {
                    direction (bidirectional | inbound | outbound) {
                        protocol esp;
                        spi spi-value;
                        authentication {
                            algorithm hmac-sha1-96;
                            key ascii-text ascii-text-string;
                        }
                        encryption {
                            algorithm 3des-cbc;
                            key ascii-text ascii-text-string;
                        }
                    }
                }
            }
        }
    }

This section describes the following tasks for configuring internal IPSec:
Internal IPSec requires manual configuration by a Crypto Officer. For more information about configuring a user as Crypto Officer, see Crypto Officer and JUNOS-FIPS User Configurations.
A router with two Routing Engines must have an internal IPSec SA configured to enable communication between the Routing Engines. Only four parameters are required: SA direction, SPI value, and key values for authentication and encryption.
Note: You cannot configure DES-based SAs in JUNOS-FIPS.
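
The following Python check is an added example, not part of the original documentation. It parses a saved copy of the stanza above and reports whether the required parameters (direction, SPI, authentication key, encryption key) are present and whether a DES-based algorithm is configured. The function names, the SPI value 512, the placeholder keys, and the assumption that single DES appears as an algorithm name beginning with `des-` are constructed for illustration.

```python
import re

def parse(text):
    """Parse Junos-style curly-brace config into nested dicts."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)
    root = node = {}
    stack, words = [], []
    for tok in tokens:
        if tok == "{":                      # "a b {" opens container "a b"
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":                    # "name value;" is a leaf
            if words:
                node[words[0]] = " ".join(words[1:])
            words = []
        else:
            words.append(tok)
    return root

def audit_internal_sa(text):
    """Return findings for the internal SA; an empty list means it passes."""
    manual = parse(text)
    for level in ("ipsec", "internal", "security-association", "manual"):
        manual = manual.get(level, {})
    sas = {k: v for k, v in manual.items() if k.startswith("direction ")}
    if not sas:
        return ["no SA direction configured"]
    findings = []
    for name, sa in sas.items():
        if "spi" not in sa:
            findings.append(f"{name}: missing spi")
        for block in ("authentication", "encryption"):
            sub = sa.get(block, {})
            if "key" not in sub:
                findings.append(f"{name}: missing {block} key")
            alg = sub.get("algorithm", "")
            if alg.startswith("des-"):      # assumed single-DES naming; 3des-cbc passes
                findings.append(f"{name}: DES-based algorithm {alg}")
    return findings

def stanza(direction, enc_alg, spi="spi 512;"):
    """Constructed sample input; the keys are placeholders, not real secrets."""
    return f"""ipsec {{ internal {{ security-association {{ manual {{
      direction {direction} {{ protocol esp; {spi}
        authentication {{ algorithm hmac-sha1-96; key ascii-text "PLACEHOLDER-AUTH-KEY"; }}
        encryption {{ algorithm {enc_alg}; key ascii-text "PLACEHOLDER-ENC-KEY"; }}
      }} }} }} }} }}"""

if __name__ == "__main__":
    for enc in ("3des-cbc", "des-cbc"):
        print(enc, audit_internal_sa(stanza("bidirectional", enc)))
```

The check verifies presence only; it does not validate SPI ranges or key lengths, which this page does not state.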