[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Manual Security Associations

Manual SAs require no negotiation; all values, including the keys, are static and specified in the configuration. As a result, peers can communicate only when they all share the same configured options.

To configure the manual IPSec SA for an ES PIC, include the manual statement at the edit security ipsec security-association sa-name] hierarchy level:



[edit security ipsec security-association sa-name]

manual {



direction (inbound | outbound |
bi-directional) {



authentication {
algorithm (hmac-md5-96 | hmac-sha1-96); 
key (ascii-text key | hexadecimal key);
}



auxiliary-spi auxiliary-spi-value;



encryption {
algorithm (des-cbc | 3des-cbc);
key (ascii-text key | hexadecimal key);
}



protocol (ah | esp | bundle);

spi spi-value;
}


}

The following sections describe how to configure a manual SA:

Configuring the Processing Direction
Configuring the Protocol for a Manual SA
Configuring the Security Parameter Index
Configuring the Auxiliary Security Parameter Index
Configuring the Authentication Algorithm and Key
Configuring the Encryption Algorithm and Key

[Contents] [Prev] [Next] [Index] [Report an Error]