Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


proposal (Security Group VPN Server IPsec)


Hierarchy Level


Define an IPsec proposal. Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 devices and vSRX Virtual Firewall instances.


proposal-name—Name of the IPsec proposal.

authentication-algorithm hmac-sha-256-128—Configure the IPsec authentication algorithm. Produces a 256-bit digest, truncated to 128 bits. This is the default value.

description description—Text the description of IPsec proposal.

encryption-algorithm—Configure an encryption algorithm. The device deletes existing IPsec SAs when you update the encryption-algorithm configuration in the IPsec proposal.

  • aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.

  • aes-192-cbc—AES 192-bit encryption algorithm.

  • aes-256-cbc —AES 256-bit encryption algorithm. This is the default value.

lifetime-seconds seconds—Specify the lifetime (in seconds) of an IPsec security association (SA) for group VPN. When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated. Specify a value from 180 to 86,400 seconds. The default is 3600 seconds.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 10.2.