Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


server-member-communication (Security Group VPN Server)


Hierarchy Level


Enable and configure server to member communication. When these options are configured, group members receive new keys before current keys expire. Starting with Junos OS Release 15.1X49-D80, the minimum value that you can configure for the lifetime-seconds option is 300 seconds instead of 180 seconds.


  • certificate certificate-id—Specify the certificate identification. Only RSA keys are supported.

  • communication-type—Configure unicast (the default).

  • encryption-algorithm—Encryption used for communications between the group server and group member. Specify aes-128-cbc, aes-192-cbc, or aes-256-cbc.

  • lifetime-seconds seconds—Lifetime, in seconds, of the key encryption key (KEK). Specify a value from 300 to 86,400. The default is 3600 seconds.

  • number-of-retransmission number—For unicast communications, the number of times the group server retransmits messages to a group member when there is no reply. Specify a value from 0 to 60. The default is 2.

  • retransmission-period seconds—The time period between a transmission and the first retransmission when there is no reply from the group member. Specify a value from 2 to 60. The default is 10 seconds.

  • sig-hash-algorithm—Authentication algorithm used to authenticate the group member to the group server. Specify sha-256 or sha-384.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 10.2