authentication-method

Syntax

authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);

Hierarchy Level

[edit security group-vpn member ike proposal proposal-name][edit security group-vpn server ike proposal proposal-name][edit security ike proposal proposal-name]

Release Information

Statement modified in Release 8.5 of Junos OS. Support for group-vpn hierarchies added in Junos OS Release 10.2.

Description

Specify the method the device uses to authenticate the source of Internet Key Exchange (IKE) messages. The pre-shared-keys option refers to a preshared key, which is a key for encryption and decryption that both participants must have before beginning tunnel negotiations. The rsa-signatures and dsa-signatures options refer to two kinds of digital signatures, which are certificates that confirm the identity of the certificate holder. (The default method is a preshared key.) (The rsa-signatures and dsa-signatures options are not supported on dynamic VPN implementations.)

Options

dsa-signatures—Specify that the Digital Signature Algorithm (DSA) is used.

pre-shared-keys—Specify that a preshared key, which is a secret key shared between the two peers, is used during authentication to identify the peers to each other. The same key must be configured for each peer. This is the default method.

rsa-signatures—Specify that a public key algorithm, which supports encryption and digital signatures, is used.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.