Configuring an IPsec Phase 2 Proposal—Quick Configuration (Dynamic VPNs)

You can use J-Web Quick Configuration to quickly configure IPsec Phase 2 proposals.

Before You Begin

For background information, read:

  • "Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

Figure 11 shows the Quick Configuration page where you can select an existing proposal, or click Add to create a new one.

Figure 11: Phase 2 Proposal Quick Configuration Page – Adding a Proposal

Figure 12 shows the Quick Configuration page where you create a new proposal.

Figure 12: Phase 2 Proposal Quick Configuration Page – Configuring a Proposal

To configure an IPsec Phase 2 proposal with Quick Configuration:

  1. Select Configuration>Quick Configuration>Dynamic VPN>IPSec AutoKey.
  2. Select the IPsec Phase 2 Proposal tab if it is not selected.
  3. To modify an existing proposal, click the appropriate link in the Name column to go to the proposal’s configuration page. Or, select the proposal from among those listed and click one of the following buttons:
  4. To configure a new Phase 2 proposal, click Add.
  5. Fill in the options as described in Table 6.
  6. Click one of the following buttons:

Table 6: IPsec Phase 2 Proposal Options

IPsec Proposal (Phase 2)

Field: Name
Function: Name to identify the Phase 2 proposal.
Action: Enter a name.

Field: Description
Function: Description of the Phase 2 proposal.
Action: Enter a brief description of the proposal.

Field: Authentication algorithm
Function: Hash algorithm that authenticates packet data. You can choose one of the following:

  • hmac-md5-96—Produces a 128-bit digest.
  • hmac-sha1-96—Produces a 160-bit digest.

Action: Select a hash algorithm.

Field: Encryption algorithm
Function: IKE algorithm used to encrypt data. You can choose one of the following:

  • 3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long.
  • aes-128-cbc—AES 128-bit encryption algorithm.
  • aes-192-cbc—AES 192-bit encryption algorithm.
  • aes-256-cbc—AES 256-bit encryption algorithm.
  • des-cbc—Has a block size of 8 bytes; the key size is 48 bits long.

Action: Select an encryption algorithm.

Field: Lifetime kilobytes
Function: Lifetime (in kilobytes) of an IPsec security association (SA). The SA is terminated when the specified number of kilobytes of traffic have passed.
Action: Enter a value from 64 through 1,048,576 bytes.

Field: Lifetime seconds
Function: Lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is either replaced by a new SA and security parameter index (SPI) or the SA is terminated.
Action: Enter a value from 180 through 86,400 seconds.

Field: Protocol
Function: Type of security protocol. Supported options include:

  • ah—Authentication Header (AH) protocol verifies the authenticity/integrity of the content and origin of a packet.
  • esp—Encapsulating Security Payload (ESP) protocol ensures privacy (encryption) and source authentication and content integrity (authentication).

Action: Select a protocol for the proposal.
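
Proposals created this way can be audited against the options and ranges in Table 6. The following Python check is an added example, not part of the Juniper documentation: it reads proposals in Junos `set security ipsec proposal ...` form and reports out-of-range lifetimes, unlisted algorithms, weak algorithms, and AH-only proposals. Assumptions: the CLI form is not shown on this page, the proposal names are made up, and the weak-algorithm list comes from RFC 8221 rather than from this page.

```python
import shlex

# Allowed values and ranges exactly as listed in Table 6 on this page.
ALLOWED = {
    "protocol": {"ah", "esp"},
    "authentication-algorithm": {"hmac-md5-96", "hmac-sha1-96"},
    "encryption-algorithm": {"3des-cbc", "aes-128-cbc", "aes-192-cbc", "aes-256-cbc", "des-cbc"},
}
RANGES = {"lifetime-kilobytes": (64, 1048576), "lifetime-seconds": (180, 86400)}
# Not from the page: RFC 8221 marks DES and HMAC-MD5-96 "MUST NOT", 3DES "SHOULD NOT".
WEAK = {"des-cbc", "3des-cbc", "hmac-md5-96"}
PREFIX = ["set", "security", "ipsec", "proposal"]

# Constructed sample configuration (proposal names are hypothetical).
SAMPLE = """\
set security ipsec proposal p2-legacy description "old clients"
set security ipsec proposal p2-legacy authentication-algorithm hmac-md5-96
set security ipsec proposal p2-legacy encryption-algorithm des-cbc
set security ipsec proposal p2-legacy lifetime-seconds 120
set security ipsec proposal p2-strong protocol esp
set security ipsec proposal p2-strong encryption-algorithm aes-256-cbc
set security ipsec proposal p2-strong lifetime-kilobytes 102400
"""

def parse(config):
    """Return {proposal: {option: value}} from 'set security ipsec proposal' lines."""
    proposals = {}
    for line in config.splitlines():
        tok = shlex.split(line)  # keeps a quoted description as one token
        if len(tok) == 7 and tok[:4] == PREFIX:
            proposals.setdefault(tok[4], {})[tok[5]] = tok[6]
    return proposals

def audit(config):
    """Return (proposal, option, problem) findings, sorted by proposal and option."""
    findings = []
    for name, opts in sorted(parse(config).items()):
        for key, val in sorted(opts.items()):
            if key in RANGES:
                lo, hi = RANGES[key]
                if not (val.isdigit() and lo <= int(val) <= hi):
                    findings.append((name, key, f"{val} is outside {lo}-{hi}"))
            elif key in ALLOWED and val not in ALLOWED[key]:
                findings.append((name, key, f"{val} is not a Table 6 option"))
            elif key in ALLOWED and val in WEAK:
                findings.append((name, key, f"{val} is deprecated (RFC 8221)"))
            elif (key, val) == ("protocol", "ah"):
                findings.append((name, key, "ah authenticates but does not encrypt"))
    return findings
```

Calling `audit(SAMPLE)` returns three findings, all for the constructed `p2-legacy` proposal; `p2-strong` passes.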
