[Prev][Next][Report an Error]

Configuring an IPsec Policy—J-Web Quick Configuration (Standard VPNs)

You can use J-Web Quick Configuration to quickly configure an IPsec policy.

Before You Begin

For background information, read

  • "Internet Protocol Security (IPsec)" chapter in the JUNOS Software Security Configuration Guide.

To configure an IPsec policy with Quick Configuration:

  1. Select Configure>IPSec VPN>IPSec AutoKey.
  2. Select the IPSec Policy tab if it is not selected.
  3. You can use an existing policy when configure the gateway or you can create a new by clicking Add.
  4. Fill in the options as described in Table 162.
  5. Click one of the following buttons:

Table 162: IPsec Policy Configuration Options

Field

Function

Action

IPsec Policy

Name

Name of the IPsec policy.

Enter a name.

Description

Description of the policy.

Enter a text description.

Perfect Forward Secrecy

The method the device uses to generate the encryption key. PFS generates each new encryption key independently from the previous key.

  • group1—Diffie-Hellman Group 1.
  • group2—Diffie-Hellman Group 2.
  • group5—Diffie-Hellman Group 5.

Select a method.

Proposal

Predefined

A set of default Internet Key Exchange (IKE) proposals.

  • basic—Basic set of two IKE proposals:
    • Proposal 1—Preshared key, Data Encryption Standard (DES) encryption, and Diffie-Hellman Group 1 and Secure Hash Algorithm 1 (SHA-1) authentication
    • Proposal 2—Preshared key, DES encryption, and Diffie-Hellman Group 1 and MD5 authentication
  • compatible—Set of four commonly used IKE proposals:
    • Proposal 1—Preshared key, triple DES (3DES) encryption, and G2 and SHA-1 authentication
    • Proposal 2—Preshared key, 3DES, and Diffie-Hellman Group 2 and MD5 authentication
    • Proposal 3—Preshared key, DES encryption, and Diffie-Hellman Group 2 and SHA-1 authentication
    • Proposal 4—Preshared key, DES encryption, and Diffie-Hellman Group 2 and MD5 authentication
  • standard—Standard set of two IKE proposals:
    • Proposal 1— Preshared key, 3DES encryption, and Diffie-Hellman Group 2 and SHA-1 authentication
    • Proposal 2—Preshared key, Advanced Encryption Standard (AES) 128-bit encryption, and Diffie-Hellman Group 2 and SHA-1 authentication

Click Predefined, and select one of the following options:

  • basic
  • predefined
  • standard

User Defined

A list of proposals you previously defined.

Click User Defined and select proposals from the Available list, then click right arrow button to move them to the Selected list.


[Prev][Next][Report an Error]