proposal-set (IKE)

Syntax

proposal-set <basic | compatible | standard>;

Hierarchy Level

[edit security group-vpn member ike policy policy-name][edit security group-vpn server ike policy policy-name][edit security ike policy policy-name ]

Release Information

Statement introduced in Release 8.5 of Junos OS. Support for group-vpn hierarchies added in Junos OS Release 10.2.

Description

Specify a set of default Internet Key Exchange (IKE) proposals. (This statement is not supported on dynamic VPN implementations.)

Options

basic—Basic set of two IKE proposals:

Proposal 1—Preshared key, Data Encryption Standard (DES) encryption, and Diffie-Hellman Group 1 and Secure Hash Algorithm 1 (SHA-1) authentication.
Proposal 2—Preshared key, DES encryption, and Diffie-Hellman Group 1 and MD5 authentication.

compatible—Set of four commonly used IKE proposals:

Proposal 1—Preshared key, triple DES (3DES) encryption, and G2 and SHA-1 authentication.
Proposal 2—Preshared key, 3DES, and Diffie-Hellman Group 2 and MD5 authentication.
Proposal 3—Preshared key, DES encryption, and Diffie-Hellman Group 2 and SHA-1 authentication.
Proposal 4—Preshared key, DES encryption, and Diffie-Hellman Group 2 and MD5 authentication.

standard—Standard set of two set of IKE proposals:

Proposal 1— Preshared key, 3DES encryption, and Diffie-Hellman Group 2 and SHA-1 authentication.
Proposal 2—Preshared key, Advanced Encryption Standard (AES) 128-bit encryption, and Diffie-Hellman Group 2 and SHA-1 authentication.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.