[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring the SA Direction

To configure the IPSec SA direction, include the direction statement at the [edit security ipsec internal security-association manual] hierarchy level:



[edit security ipsec internal security-association manual]

direction  (bidirectional | inbound | outbound);

The value can be one of the following:

bidirectional—Apply the same SA values in both directions between Routing Engines.
inbound—Apply these SA properties only to the inbound IPSec tunnel.
outbound—Apply these SA properties only to the outbound IPSec tunnel.

If you do not configure the SA to be bidirectional, you must configure SA parameters for IPSec tunnels in both directions. The following example uses an inbound and outbound IPSec tunnel:



[edit security]
ipsec {


internal { 


security-association {


manual {


direction inbound {
protocol esp;
spi 512;


authentication {
algorithm hmac-sha1-96;
key ascii-text “$9$I5/hyKX7v4aUM8aUjH5TRhS1vLdb2�?;
}




encryption {
algorithm 3des-cbc;
key ascii-text “$.KL3rngIH7,theOPcn87lxfpe9GJKdme�?;
}


}




direction outbound {
protocol esp;
spi 513;


authentication {
algorithm hmac-sha1-96;
key ascii-text “$9$I5/hyKX7v4aUM8aUjH5TRhS1vLdb2�?;
}




encryption {
algorithm 3des-cbc;
key ascii-text “.n87lngIH7,thxefpe9GJKdme.KL3rOPc�?;
}


}


}


}


}


}

Note: The use of unidirectional IPSec tunnels is not recommended.

[Contents] [Prev] [Next] [Index] [Report an Error]