[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Configuring an IPsec Policy

The following example shows how to configure an IPsec policy:

[edit security ipsec]proposal dynamic-1 {protocol esp;authentication-algorithm hmac-md5-96;encryption-algorithm 3des-cbc;lifetime-seconds 6000;}proposal dynamic-2 {protocol esp;authentication-algorithm hmac-sha1-96;encryption-algorithm 3des-cbc;lifetime-seconds 6000;}policy dynamic-policy-1 {perfect-forward-secrecy {keys group1;}proposals [ dynamic-1 dynamic-2 ];}security-association dynamic-sa1 {dynamic {replay-window-size 64;ipsec-policy dynamic-policy-1;}}

Note: Updates to the current IPsec proposal and policy configuration are not applied to the current IPsec SA; updates are applied to new IPsec SAs.

If you want the new updates to take immediate effect, you must clear the existing IPsec security associations so that they will be reestablished with the changed configuration. For information about how to clear the current IPsec security association, see the JUNOS System Basics and Services Command Reference.


Published: 2010-04-26

[an error occurred while processing this directive]