
ipsec (Security)


Hierarchy Level


Define IPsec configuration. A VPN connection can link two LANs (site-to-site VPN) or a remote dial-up user and a LAN. The traffic that flows between these two points passes through shared resources such as routers, switches, and other network equipment that make up the public WAN. An IPsec tunnel is created between two participant devices to secure VPN communication.



Anti-replay window size.

  • Range: 64 through 8192 bytes

  • Default: 64 bytes


Configure internal IPsec. When the internal IPsec is configured, IPsec-based rlogin and remote command (rcmd) are enforced, so an attacker cannot gain unauthorized information.


Define an IPsec policy. An IPsec policy defines a combination of security parameters (IPsec proposals) used during IPsec negotiation. It defines Perfect Forward Secrecy (PFS) and the proposals needed for the connection.


Name of the IPsec proposal. An IPsec proposal lists protocols and algorithms (security services) to be negotiated with the remote IPsec peer.


Configure a manual IPsec security association (SA) to be applied to an OSPF or OSPFv3 interface or virtual link. IPsec can provide authentication and confidentiality to OSPF or OSPFv3 routing packets.


Configure IPsec tracing options. Trace operations track IPsec events and record them in a log file in the /var/log directory.

vpn vpn-name

Configure an IPsec VPN. A VPN provides a means by which remote computers communicate securely across a public WAN such as the Internet.


Configure VPN monitoring options.

interval seconds

Interval at which to send ICMP requests to the peer.

  • Range: 2 through 3600 seconds

  • Default: 10 seconds

threshold number

Number of consecutive unsuccessful pings before the peer is declared unreachable.

  • Range: 1 through 65,535 pings

  • Default: 10 pings
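The interval and threshold together determine how long a dead peer goes unnoticed. The following is an added example, not Juniper code: it checks set-style configuration lines against the ranges and defaults listed above and estimates that detection time. The statement path `set security ipsec vpn-monitor-options` and the sample lines are assumptions made for the example.

```python
import re

# Ranges and defaults as stated on this page.
LIMITS = {"interval": (2, 3600), "threshold": (1, 65535)}
DEFAULTS = {"interval": 10, "threshold": 10}

# Assumed statement path; this page names only the interval and threshold options.
PREFIX = re.compile(r"^set security ipsec vpn-monitor-options\s+(.*)$")

# Constructed sample configuration lines (not taken from a real device).
SAMPLE = """\
set security ipsec vpn-monitor-options interval 5
set security ipsec vpn-monitor-options threshold 3
"""

def parse_monitor_options(config_text):
    """Return the effective interval/threshold, filling in the page's defaults."""
    opts = dict(DEFAULTS)
    for line in config_text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        tokens = m.group(1).split()
        if len(tokens) % 2:
            raise ValueError(f"option without a value: {line.strip()!r}")
        # Both options may also appear on one line: "interval 5 threshold 3".
        for name, value in zip(tokens[0::2], tokens[1::2]):
            if name not in LIMITS:
                raise ValueError(f"unknown option: {name}")
            if not value.isdigit():
                raise ValueError(f"{name} must be an integer, got {value!r}")
            low, high = LIMITS[name]
            if not low <= int(value) <= high:
                raise ValueError(f"{name} {value} outside {low}..{high}")
            opts[name] = int(value)
    return opts

def detection_time(opts):
    """Approximate seconds of failed pings before the peer is declared unreachable."""
    return opts["interval"] * opts["threshold"]

if __name__ == "__main__":
    effective = parse_monitor_options(SAMPLE)
    print(effective, "->", detection_time(effective), "seconds")
```

With the defaults (10 seconds, 10 pings) the estimate is roughly 100 seconds, which is worth comparing against how long traffic can be silently dropped before failover is acceptable.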

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement modified in Junos OS Release 8.5.

group15, group16, group21, hmac-sha-512 and hmac-sha-384 options introduced in Junos OS Release 19.1R1 on SRX Series Firewalls.