Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring IPSec Conditions (SRC CLI)

 

You can configure IPSec conditions for Junos OS policy rules. Use the following configuration statements to add IPSec conditions to a classify-traffic condition:

To add IPSec conditions to a classify-traffic condition:

  1. From configuration mode, enter the IPSec configuration. For example:

  2. (Optional) Specify the authentication header (AH) or the encapsulating security payload (ESP) security parameter index (SPI).

  3. (Optional) Configure the value of the IP flags field in the IP header.

  4. (Optional) Configure the mask that is associated with the IP flag.

  5. (Optional) Configure the value of the fragment offset field.

  6. (Optional) Configure the packet length on which to match. The length refers only to the IP packet, including the packet header, and does not include any layer 2 encapsulation overhead.

  7. Configure the protocol matched by this classify-traffic condition.

  8. (Optional) Verify the IPSec condition configuration.