Configuring an IPsec Phase 2 Proposal—Quick Configuration (Dynamic VPNs)

You can use J-Web Quick Configuration to quickly configure IPsec Phase 2 proposals.

Before You Begin
For background information, read: "Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

Before You Begin

For background information, read:

"Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

Figure 83 shows the Quick Configuration page where you can select an existing proposal, or click Add to create a new one.

Figure 83: Phase 2 Proposal Quick Configuration Page – Adding a Proposal

Phase 2 Proposal
Quick Configuration Page – Adding a Proposal

Figure 84 shows the Quick Configuration page where you create a new proposal.

Figure 84: Phase 2 Proposal Quick Configuration Page – Configuring a Proposal

Phase 2 Proposal
Quick Configuration Page – Configuring a Proposal

To configure an IPsec Phase 2 proposal with Quick Configuration:

Select Configuration>Quick Configuration>Dynamic VPN>IPSec AutoKey.
Select the IPsec Phase 2 Proposal tab if it is not selected
To modify an existing proposal, click the appropriate link in the Name column to go to the proposal’s configuration page. Or, select the proposal from among those listed and click one of the following buttons:
- To apply the configuration, click Apply.
- To delete the configuration, click Delete.
To configure a new Phase 2 proposal, click Add.
Fill in the options as described in Table 141.
Click one of the following buttons:
- To apply the configuration, click OK.
- To cancel the configuration and return to the main Configuration page, click Cancel.

Table 141: IPsec Phase 2 Proposal Options

Field	Function	Action
IPsec Proposal (Phase 2)
Name	Name to identify the Phase 2 proposal.	Enter a name.
Description	Description of the Phase 2 proposal.	Enter a brief description of the proposal.
Authentication algorithm	Hash algorithm that authenticates packet data. You can choose one of the following: hmac-md5-96—Produces a 128-bit digest. hmac-sha1-96—Produces a 160-bit digest.	Select a hash algorithm.
Encryption algorithm	IKE algorithm used to encrypt data. You can choose one of the following: 3des-cbc—Has a block size of 24 bytes; the key size is 192 bits long. aes-128-cbc—AES 128-bit encryption algorithm. aes-192-cbc—AES 192-bit encryption algorithm. aes-256-cbc—AES 256-bit encryption algorithm. des-cbc—Has a block size of 8 bytes; the key size is 48 bits long.	Select an encryption algorithm.
Lifetime kilobytes	Lifetime (in kilobytes) of an IPsec security association (SA). The SA is terminated when the specified number of kilobytes of traffic have passed.	Enter a value from 64 through 1,048,576 bytes.
Lifetime seconds	Lifetime (in seconds) of an IKE security association (SA). When the SA expires, it is either replaced by a new SA and security parameter index (SPI) or the SA is terminated.	Enter a value from 180 through 86,400 seconds.
Protocol	Type of security protocol. Supported options include: ah—Authentication Header (AH) protocol verifies the authenticity/integrity of the content and origin of a packet. esp—Encapsulating Security Payload (ESP) protocol ensures privacy (encryption) and source authentication and content integrity (authentication).	Select a protocol for the proposal.

[Prev][Next][Report an Error]