ipsec (Group VPN Server)

Syntax

ipsec proposal name {authentication-algorithm (hmac-md5-96 | hmac-sha1-96);description text;encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);lifetime-seconds seconds;}

Hierarchy Level

[edit security group-vpn server]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure IPsec proposal for Phase 2 exchange on the group server.

Options

proposal—Name of the proposal. The proposal name can be up to 32 alphanumeric characters long.

authentication-algorithm—Hash algorithm that authenticates packet data. It must be one of three algorithms:

md5—Produces a 128-bit digest.
sha-256—Produces a 256-bit digest.
sha1—Produces a 160-bit digest.

description—Specify descriptive text for the IPsec proposal.

encryption-algorithm—Configure an IKE encryption algorithm. It must be one of the following:

3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long.
des-cbc—Has a block size of 8 bytes; the key size is 48 bits long.
aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
aes-192-cbc—AES 192-bit encryption algorithm.
aes-256-cbc—AES 256-bit encryption algorithm.

lifetime-seconds—Lifetime, in seconds, for this proposal. Specify a value from 180 to 86,400. The default is 3600 seconds.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.