group-vpn
Syntax
    group-vpn {
        co-location;
        member {
            ike {
                gateway gateway-name {
                    address [(ip-address | hostname)];
                    ike-policy policy-name;
                    local-address address;
                    local-identity (distinguished-name string | hostname hostname | inet ipv4-ip-address | user-at-hostname e-mail-address);
                }
                policy name {
                    certificate {
                        local-certificate identifier;
                        peer-certificate-type (pkcs7 | x509-signature);
                        trusted-ca (ca-index | use-all);
                    }
                    description text;
                    mode (aggressive | main);
                    pre-shared-key (ascii-text text | hexadecimal hex);
                    proposal-set (basic | compatible | standard);
                    proposals name;
                }
                proposal name {
                    authentication-algorithm (md5 | sha-256 | sha1);
                    authentication-method (pre-shared-keys | rsa-signatures);
                    description text;
                    dh-group (group1 | group2 | group5);
                    encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
                    lifetime-seconds seconds;
                }
            }
            ipsec vpn name {
                group id;
                group-vpn-external-interface interface;
                heartbeat-threshold number;
                ike-gateway name;
            }
        }
        server {
            group name {
                activation-time-delay seconds;
                anti-replay-time-window seconds;
                description text;
                group-id number;
                ike-gateway gateway-name;
                ipsec-sa name {
                    proposal name;
                    match-policy name {
                        destination ip-address/netmask;
                        destination-port number;
                        protocol number;
                        source ip-address/netmask;
                        source-port number;
                    }
                }
                no-anti-replay;
                server-address ip-address;
                server-member-communication {
                    certificate certificate-id;
                    communication-type (multicast | unicast);
                    encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
                    heartbeat seconds;
                    lifetime-seconds seconds;
                    multicast-group address;
                    multicast-outgoing-interface interface;
                    number-of-retransmission number;
                    retransmission-period seconds;
                    sig-hash-algorithm (md5 | sha1);
                }
            }
            ike {
                gateway name {
                    address (ip-address | hostname);
                    dynamic {
                        distinguished-name {
                            container string;
                            wildcard string;
                        }
                        hostname name;
                        inet ip-address;
                        user-at-hostname email-address;
                    }
                    ike-policy name;
                    local-identity {
                        distinguished-name;
                        hostname name;
                        inet ip-address;
                        user-at-hostname emailaddress;
                    }
                }
                policy name {
                    certificate {
                        local-certificate identifier;
                        peer-certificate-type (pkcs7 | x509-signature);
                        trusted-ca (ca-index | use-all);
                    }
                    description text;
                    mode (aggressive | main);
                    pre-shared-key (ascii-text text | hexadecimal hex);
                    proposal-set (basic | compatible | standard);
                    proposals name;
                }
                proposal name {
                    authentication-algorithm (md5 | sha-256 | sha1);
                    authentication-method (pre-shared-keys | rsa-signatures);
                    description text;
                    dh-group (group1 | group2 | group5);
                    encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
                    lifetime-seconds seconds;
                }
            }
            ipsec proposal name {
                authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
                description text;
                encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
                lifetime-seconds seconds;
            }
            traceoptions {
                file {
                    files number;
                    match regexp;
                    (no-world-readable | world-readable);
                    size size;
                }
                flag {all | certificates | config | database | general | high-availability | ike | next-hop-tunnels | parse | policy-manager | routing-socket | thread | timer}
                no-remote-trace;
            }
        }
    }
Hierarchy Level
[edit security]
Release Information
Statement introduced in Release 10.2 of Junos OS.
Description
Configure group VPNs.
Options
The remaining statements are explained separately.
Usage Guidelines
For configuration instructions and examples, see the Junos OS Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.