Navigation
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
[edit security group-vpn] Hierarchy Level
security {group-vpn {co-location;member {ike {gateway gateway-name {address [ip-address-or-hostname];ike-policy policy-name;local-address ip-address;local-identity {(distinguished-name | hostname hostname | inet ip-address | user-at-hostname e-mail-address);}}policy policy-name {certificate {local-certificate certificate-id;peer-certificate-type [pkcs7 | x509-signature);}description description;mode (aggressive | main); pre-shared-key (ascii-text key | hexadecimal key);proposal-set (basic | compatible | standard);proposals [proposal-name];}proposal proposal-name {authentication-algorithm (md5 | sha-256 | sha1);authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);description description;dh-group (group1 | group14 | group2 | group5);encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);lifetime-seconds seconds;}}ipsec {vpn vpn-name {group id;group-vpn-external-interface interface;heartbeat-threshold number;ike-gateway gateway-name;}}}server {group name {activation-time-delay seconds;anti-replay-time-window seconds;description description;group-id number;ike-gateway gateway-name;ipsec-sa name {match-policy policy-name {destination ip-address/netmask;destination-port number;protocol number;source ip-address/netmask;source-port number;}proposal proposal-name;}no-anti-replay;server-address ip-address;server-member-communication {certificate certificate-id;communication-type (multicast | unicast);encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);heartbeat seconds;lifetime-seconds seconds;multicast-group address;multicast-outgoing-interface interface;number-of-retransmission number;retransmission-period seconds;sig-hash-algorithm (md5 | sha1);}}ike {gateway gateway-name {address ip-address-or-hostname;dynamic {(distinguished-name <container container-string> <wildcard wildcard-string> | hostname domain-name | inet ip-address | user-at-hostname e-mail-address);}ike-policy policy-name;local-identity {(distinguished-name | hostname hostname | inet ip-address | user-at-hostname e-mail-address);}}policy policy-name {certificate {local-certificate certificate-id;peer-certificate-type [pkcs7 | x509-signature);}description description;mode (aggressive | main); pre-shared-key (ascii-text key | hexadecimal key);proposal-set (basic | compatible | standard);proposals [proposal-name];}proposal proposal-name {authentication-algorithm (md5 | sha-256 | sha1);authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);description description;dh-group (group1 | group14 | group2 | group5);encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);}}ipsec {proposal proposal-name {authentication-algorithm (hmac-md5-96 | hmac-sha-256-128 | hmac-sha1-96);description description;encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);lifetime-seconds seconds;}}traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;no-remote-trace;}}}}
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Published: 2013-07-31
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
