Example: Configuring an IPsec Phase 2 Proposal (CLI)

When configuring Phase 2 of an IPsec tunnel, you first configure proposals, then policies, and finally the AutoKey IKE. The following example-based instructions show how to create the initial proposal.

In Phase 2 proposal configuration, you must create a proposal, specify a security protocol, and select authentication and encryption algorithms for the traffic that will flow through the tunnel. In this example, you create a proposal called ipsec_prop_1, specify ESP as the security protocol, and set hmac-md5-96 as the authentication algorithm and 3des-cbc as the encryption algorithm. You also specify that the security association (SA) terminates after 1,800 KB of data pass through it.

To configure an IPsec Phase 2 proposal using the CLI editor:

user@host# set security ipsec proposal ipsec_prop_1 description "new ipsec proposal"
user@host# set security ipsec proposal ipsec_prop_1 protocol esp
user@host# set security ipsec proposal ipsec_prop_1 authentication-algorithm hmac-md5-96
user@host# set security ipsec proposal ipsec_prop_1 encryption-algorithm 3des-cbc
user@host# set security ipsec proposal ipsec_prop_1 lifetime-seconds 1800

Use the following command to display information about this IPsec Phase 2 proposal:

user@host# show security ipsec proposal ipsec_prop_1
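
The proposal in this example uses hmac-md5-96 and 3des-cbc, which RFC 8221 lists as MUST NOT and SHOULD NOT for ESP. The following Python check is an added example, not part of the original documentation: it parses set-format proposal commands and flags those algorithms. The function names and the embedded sample (the five commands from this page) are constructed for illustration.

```python
import shlex

# Algorithm status taken from RFC 8221 (ESP/AH algorithm requirements).
WEAK = {
    "authentication-algorithm": {"hmac-md5-96": "MUST NOT (RFC 8221)"},
    "encryption-algorithm": {
        "des-cbc": "MUST NOT (RFC 8221)",
        "3des-cbc": "SHOULD NOT (RFC 8221)",
    },
}

# Constructed sample: the five commands from this page, prompts included.
SAMPLE = """\
user@host# set security ipsec proposal ipsec_prop_1 description "new ipsec proposal"
user@host# set security ipsec proposal ipsec_prop_1 protocol esp
user@host# set security ipsec proposal ipsec_prop_1 authentication-algorithm hmac-md5-96
user@host# set security ipsec proposal ipsec_prop_1 encryption-algorithm 3des-cbc
user@host# set security ipsec proposal ipsec_prop_1 lifetime-seconds 1800
"""

def parse_proposals(text):
    """Return {proposal_name: {option: value}} from set-format lines."""
    proposals = {}
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps the quoted description as one token
        if "set" not in tokens:
            continue
        tokens = tokens[tokens.index("set"):]  # drop a leading CLI prompt
        if tokens[:4] != ["set", "security", "ipsec", "proposal"] or len(tokens) < 7:
            continue
        name, option, value = tokens[4:7]
        proposals.setdefault(name, {})[option] = value
    return proposals

def audit(text):
    """Return (proposal, option, value, status) for each weak algorithm found."""
    findings = []
    for name, opts in parse_proposals(text).items():
        for option, bad in WEAK.items():
            value = opts.get(option)
            if value in bad:
                findings.append((name, option, value, bad[value]))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```
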
