 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
- ipsec {
-
-
security-association {
-
-
manual {
-
-
direction (bidirectional | inbound
| outbound) {
-
protocol esp;
-
spi spi-value;
-
-
encryption {
-
algorithm 3des-cbc;
-
key ascii-text ascii-text-string;
- }
- }
- }
- }
-
-
policy ipsec-policy-name {
-
-
perfect-forward-secrecy {
- keys (group1 | group2);
- }
-
proposals [ proposal-names ];
- }
-
-
proposal ipsec-proposal-name {
-
authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
-
encryption-algorithm (3des-cbc | des-cbc);
-
lifetime-seconds seconds;
-
protocol (ah | esp | bundle);
- }
-
-
security-association name {
-
- dynamic {
- ipsec-policy policy-name;
- replay-window-size (32 | 64);
- }
-
-
manual {
-
-
direction (inbound | outbound |
bi-directional) {
-
-
authentication {
- algorithm (hmac-md5-96 | hmac-sha1-96);
- key (ascii-text key | hexadecimal key);
- }
- auxiliary-spi auxiliary-spi-value;
-
-
encryption {
- algorithm (des-cbc | 3des-cbc);
- key (ascii-text key | hexadecimal key);
- }
-
protocol (ah | esp | bundle);
-
spi spi-value;
- }
- }
-
mode (tunnel | transport);
- }
-
-
traceoptions {
- file <files number> < size size>;
- flag all;
- flag database;
- flag general;
- flag ike;
- flag parse;
- flag policy-manager;
- flag routing-socket;
- flag timer;
- }
- }
- [edit security]
Statement introduced before JUNOS Release 7.4.
(Encryption interface on M-series and T-series routing platforms only) Configure IPSec.
The statements are explained separately.
See Configuring Security Associations.
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |