policy (Security Group VPN IKE)
Syntax
policy policy-name {
    description description;
    mode (aggressive | main);
    pre-shared-key (ascii-text key | hexadecimal key);
    proposals proposal-name;
}
Hierarchy Level
[edit security group-vpn member ike]
[edit security group-vpn server ike]
Description
Configure an IKE policy. An IKE policy defines a combination of security parameters (IKE proposals) to be used during IKE negotiation. It defines a peer address, the preshared key for the given peer, and the proposals needed for that connection. During the IKE negotiation, IKE looks for an IKE policy that is the same on both peers. The peer that initiates the negotiation sends all its policies to the remote peer, and the remote peer tries to find a match.
Options
policy policy-name | Name of the IKE policy. The policy name can be up to 32 alphanumeric characters long. |
description description | Specify descriptive text for an IKE policy. |
mode | Define the mode used for Internet Key Exchange (IKE) Phase 1 negotiations. |
pre-shared-key | Define a preshared key for an IKE policy. Preshared keys are used to secure the Phase 1 SAs between the root-server and the sub-servers and between the sub-servers and the group members. Ensure that the preshared keys used are strong keys. On the sub-servers, the preshared key configured for the IKE policy RootSrv must match the preshared key configured on the root-server, and the preshared key configured for the IKE policy GMs must match the preshared key configured on the group members. |
proposals proposal-name | Specify up to four Phase 1 proposals for an IKE policy. If you include multiple proposals, use the same Diffie-Hellman group in all of the proposals. |
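The limits stated in the options above can be checked before a configuration is committed. The following Python check is an added example, not Juniper code: it reads configuration in `display set` form and flags policy names over 32 characters, a mode other than aggressive or main, more than four proposals, and proposals in one policy that use different Diffie-Hellman groups. The sample configuration and the proposal names P1 to P3 are constructed, and it assumes each proposal sets `dh-group` under the same `ike` hierarchy.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form; proposal names and groups are made up.
SAMPLE = """\
set security group-vpn server ike proposal P1 dh-group group14
set security group-vpn server ike proposal P2 dh-group group14
set security group-vpn server ike proposal P3 dh-group group5
set security group-vpn server ike policy GMs mode main
set security group-vpn server ike policy GMs proposals P1
set security group-vpn server ike policy GMs proposals P2
set security group-vpn server ike policy RootSrv mode main
set security group-vpn server ike policy RootSrv proposals P1
set security group-vpn server ike policy RootSrv proposals P3
"""

LINE = re.compile(r"^set security group-vpn (?:member|server) ike "
                  r"(proposal|policy) (\S+) (\S+) (\S+)$")

def lint_ike_policies(config):
    """Return sorted (policy, finding) pairs for the limits this page documents."""
    dh_group = {}  # proposal name -> configured dh-group
    policies = defaultdict(lambda: {"mode": None, "proposals": []})
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # other statements (description, pre-shared-key, ...) are ignored
        kind, name, key, value = m.groups()
        if kind == "proposal" and key == "dh-group":
            dh_group[name] = value
        elif kind == "policy" and key == "mode":
            policies[name]["mode"] = value
        elif kind == "policy" and key == "proposals":
            policies[name]["proposals"].append(value)
    findings = []
    for name, pol in policies.items():
        if len(name) > 32:
            findings.append((name, "policy name longer than 32 characters"))
        if pol["mode"] not in (None, "aggressive", "main"):
            findings.append((name, "mode is not aggressive or main"))
        if len(pol["proposals"]) > 4:
            findings.append((name, "more than four Phase 1 proposals"))
        groups = {dh_group[p] for p in pol["proposals"] if p in dh_group}
        if len(groups) > 1:
            findings.append((name, "proposals use different Diffie-Hellman groups"))
    return sorted(findings)
```

Run against the constructed sample, the check reports only the RootSrv policy, whose two proposals use group14 and group5.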
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.