server (Group VPN)

Syntax

server {
    group name {
        activation-time-delay seconds;
        anti-replay-time-window seconds;
        description text;
        group-id number;
        ike-gateway gateway-name;
        ipsec-sa name {
            proposal name;
            match-policy name {
                destination ip-address/netmask;
                destination-port number;
                protocol number;
                source ip-address/netmask;
                source-port number;
            }
        }
        no-anti-replay;
        server-address ip-address;
        server-member-communication {
            certificate certificate-id;
            communication-type (multicast | unicast);
            encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
            heartbeat seconds;
            lifetime-seconds seconds;
            multicast-group address;
            multicast-outgoing-interface interface;
            number-of-retransmission number;
            retransmission-period seconds;
            sig-hash-algorithm (md5 | sha1);
        }
    }
    ike {
        gateway name {
            address (ip-address | hostname);
            dynamic {
                distinguished-name {
                    container string;
                    wildcard string;
                }
                hostname name;
                inet ip-address;
                user-at-hostname email-address;
            }
            ike-policy name;
            local-identity {
                distinguished-name;
                hostname name;
                inet ip-address;
                user-at-hostname email-address;
            }
        }
        policy name {
            certificate {
                local-certificate identifier;
                peer-certificate-type (pkcs7 | x509-signature);
                trusted-ca (ca-index | use-all);
            }
            description text;
            mode (aggressive | main);
            pre-shared-key (ascii-text text | hexadecimal hex);
            proposal-set (basic | compatible | standard);
            proposals name;
        }
        proposal name {
            authentication-algorithm (md5 | sha-256 | sha1);
            authentication-method (pre-shared-keys | rsa-signatures);
            description text;
            dh-group (group1 | group2 | group5);
            encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
            lifetime-seconds seconds;
        }
    }
    ipsec proposal name {
        authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
        description text;
        encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
        lifetime-seconds seconds;
    }
    traceoptions {
        file {
            files number;
            match regexp;
            (no-world-readable | world-readable);
            size size;
        }
        flag {all | certificates | config | database | general | high-availability | ike | next-hop-tunnels | parse | policy-manager | routing-socket | thread | timer}
        no-remote-trace;
    }
}

Hierarchy Level

[edit security group-vpn]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure the group VPN server. You configure the following on the group server:

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.
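
The following Python audit is an added example, not part of the Junos OS documentation. It walks a curly-brace configuration and reports statements under the server hierarchy that select options the example treats as weak (des-cbc, 3des-cbc, md5, hmac-md5-96, group1, group2, aggressive mode, no-anti-replay). The weak list is the example's own judgement, and the sample names (GRP1, POL1, PROP1) are constructed.

```python
import re

# Values this example treats as weak (an assumption of the example, not a
# statement from the page); the keywords themselves come from the syntax above.
WEAK = {
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
    "authentication-algorithm": {"md5", "hmac-md5-96"},
    "sig-hash-algorithm": {"md5"},
    "dh-group": {"group1", "group2"},
    "mode": {"aggressive"},
}

def statements(text):
    """Yield (path, words) for each ';'-terminated statement.
    Quoted strings containing braces or semicolons are not handled."""
    stack = []
    for body, sep in re.findall(r"([^{};]*)([{};])", text):
        words = body.split()
        if sep == "{":
            stack.append(" ".join(words))   # enter a hierarchy level
        elif sep == "}":
            stack.pop()                     # leave it
        elif words:
            yield " > ".join(stack), words

def audit(text):
    """Return (path, statement) pairs that select a weak option."""
    return [(path, " ".join(w)) for path, w in statements(text)
            if w[0] == "no-anti-replay" or set(w[1:]) & WEAK.get(w[0], set())]

# Constructed sample configuration; every name in it is made up.
SAMPLE = """
server {
    group GRP1 {
        no-anti-replay;
        server-member-communication {
            encryption-algorithm aes-256-cbc;
            sig-hash-algorithm md5;
        }
    }
    ike {
        policy POL1 { mode aggressive; proposals PROP1; }
        proposal PROP1 { dh-group group5; encryption-algorithm des-cbc; }
    }
}
"""

if __name__ == "__main__":
    for path, stmt in audit(SAMPLE):
        print(f"{path}: {stmt}")
```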

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.