To configure the SA, include the security-association statement at the [edit security] hierarchy level:
- security-association name {
- mode (tunnel | transport);
-
- manual {
-
- direction (inbound | outbound | bi-directional) {
- auxiliary-spi auxiliary-spi-value;
- spi spi-value;
- protocol (ah | esp | bundle);
-
- authentication {
- algorithm (hmac-md5-96 | hmac-sha1-96);
- key (ascii-text key | hexadecimal key);
- }
-
- encryption {
- algorithm (des-cbc | 3des-cbc);
- key (ascii-text key | hexadecimal key);
- }
- }
-
- dynamic {
- replay-window-size (32 | 64);
- ipsec-policy policy-name;
- }
- }
- }
For more information about configuring an SA, see the JUNOS System Basics Configuration Guide. For information about applying the SA to an interface, see Specifying the Security Association Name.