Configuring Dynamic IPsec Security Associations
You configure dynamic SAs with a set of proposals that are negotiated by the security gateways. The keys are generated as part of the negotiation and do not need to be specified in the configuration. The dynamic SA includes one or more proposals, which allow you to prioritize a list of protocols and algorithms to be negotiated with the peer.
To configure a dynamic SA, include the dynamic statement at the [edit security ipsec security-association sa-name] hierarchy level. Specify an IPsec policy name, and optionally, a 32-packet or 64-packet replay window size.
[edit security ipsec security-association sa-name]
dynamic {
    ipsec-policy policy-name;
    replay-window-size (32 | 64);
}
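
A configuration review can check each dynamic statement against the syntax above. The following Python script is an added example, not part of the original documentation or of Junos: it reads a brace-formatted configuration, finds every security association that has a dynamic statement, and reports a missing ipsec-policy or a replay-window-size other than 32 or 64 (an omitted replay-window-size is noted, since it is optional). The SA and policy names, the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample config in brace format; SA and policy names are hypothetical.
SAMPLE = """
security { ipsec {
    security-association sa-branch { dynamic { ipsec-policy pol-branch; replay-window-size 64; } }
    security-association sa-lab { dynamic { replay-window-size 128; } }
    security-association sa-hq { dynamic { ipsec-policy pol-hq; } }
} }
"""

SA_RE = re.compile(r"security-association\s+(\S+)\s*\{")
DYN_RE = re.compile(r"\bdynamic\s*\{([^{}]*)\}")

def brace_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit_dynamic_sas(config):
    """Map each dynamic SA name to a list of findings (empty list = clean)."""
    findings = {}
    for m in SA_RE.finditer(config):
        dyn = DYN_RE.search(brace_body(config, m.end() - 1))
        if dyn is None:
            continue  # no dynamic statement in this SA; not checked here
        stmts = {}
        for s in dyn.group(1).split(";"):
            key, _, value = s.strip().partition(" ")
            if key:
                stmts[key] = value.strip()
        issues = []
        if not stmts.get("ipsec-policy"):
            issues.append("missing ipsec-policy")
        window = stmts.get("replay-window-size")
        if window is None:
            issues.append("replay-window-size not set")
        elif window not in ("32", "64"):
            issues.append(f"invalid replay-window-size {window}")
        findings[m.group(1)] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_dynamic_sas(SAMPLE).items():
        print(name, issues or "ok")
```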