Configuring an IKE Phase 1 Proposal—Quick Configuration (Dynamic VPNs)

You can use J-Web Quick Configuration to quickly configure an IKE Phase 1 proposal.

Before You Begin
For background information, read: "Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

Before You Begin

For background information, read:

"Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

Figure 5 shows the Quick Configuration page where you can select an existing proposal, or click Add to create a new one.

Figure 5: IKE Phase 1 Proposal Quick Configuration Page – Adding a Proposal

IKE Phase 1
Proposal Quick Configuration Page – Adding a Proposal

Figure 6 shows the Quick Configuration page where you create a new proposal.

Figure 6: IKE Phase 1 Proposal Quick Configuration Page – Configuring a Proposal

IKE Phase 1 Proposal
Quick Configuration Page – Configuring a Proposal

To configure a Phase 1 Proposal with Quick Configuration:

Select Configuration>Quick Configuration>Dynamic VPN>IKE.
Select the Phase 1 Proposal tab if it is not selected.
To modify an existing proposal, click the appropriate link in the Name column to go to the proposal’s configuration page. Or, select the proposal from among those listed and click one of the following buttons:
- To apply the configuration, click Apply.
- To delete the configuration, click Delete.
To configure a new Phase 1 proposal, click Add.
Fill in the options as described in Table 3.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 3: Phase 1 Proposal Configuration Options

Field	Function	Action
IKE Proposal (Phase 1)
Name	Name to identify the proposal.	Enter a name.
Authentication algorithm	Authentication Header (AH) algorithm the device uses to verify the authenticity and integrity of a packet. Supported algorithms include the following: md5—Produces a 128-bit digest. sha1—Produces a 160-bit digest. sha-256—Produces a 256-bit digest.	Select an authentication algorithm.
Authentication method	Method the device uses to authenticate the source of Internet Key Exchange (IKE) messages. The dynamic VPN feature only uses preshared keys for authentication. With this method, both participants must have the key before beginning tunnel negotiations.	No action is required. The device displays this information for informational purposes only.
Description	Description of the proposal.	Enter a brief description of the Phase 1 proposal.
Dh group	Allow participants to produce a shared secret value over an unsecured medium without actually transmitting the value across the connection.	Select a Diffie-Hellman group. If you configure multiple (up to four) proposals for Phase 1 negotiations, use the same Diffie-Hellman group in all proposals.
Encryption algorithm	Supported Internet Key Exchange (IKE) proposals include the following: 3des-cbc—3DES-CBC encryption algorithm aes-128-cbc—AES-CBC 128-bit encryption algorithm aes-192-cbc—AES-CBC 192-bit encryption algorithm aes-256-cbc—AES-CBC 256-bit encryption algorithm des-cbc—DES-CBC encryption algorithm	Select an encryption algorithm.
Lifetime seconds	Lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is either replaced by a new SA and security parameter index (SPI) or the SA is terminated.	Select a lifetime for the IKE security association (SA). Range: 180 through 86,400 seconds. Default: 3,600 seconds.

[Prev][Next][Report an Error]