To define a manual security association (SA) configuration for an ES PIC, you must include at least the following statements at the [edit security ipsec] hierarchy level:
- [edit security ipsec]
-
security-association sa-name {
-
-
manual {
-
-
direction (inbound | outbound |
bidirectional) {
-
-
authentication {
- algorithm (hmac-md5-96 | hmac-sha1-96);
- key (ascii-text key | hexadecimal key);
- }
-
-
encryption {
- algorithm (des-cbc | 3des-cbc);
- key (ascii-text key | hexadecimal key);
- }
-
protocol (ah | esp | bundle);
-
spi spi-value;
- }
- }
- }
 |
Note: You configure a manual SA for AS and MultiServices PICs at the [edit services ipsec-vpn rule rule-name term term-name then manual] hierarchy level. For more information, see the “IPSec” chapter of the JUNOS Feature Guide and the “IPSec Services Configuration Guidelines” chapter of the JUNOS Services Interfaces Configuration Guide. |
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |