Configuring Manual SAs
On the ES PIC, you configure a manual security association at the [edit security ipsec security-association name] hierarchy level. Include your choices for authentication, encryption, direction, mode, protocol, and SPI. Be sure that these choices are configured exactly the same way on the remote IPSec gateway.
    [edit security]
    ipsec {
        security-association sa-name {
            description description;
            manual {
                direction (inbound | outbound | bidirectional) {
                    authentication {
                        algorithm (hmac-md5-96 | hmac-sha1-96);
                        key (ascii-text key | hexadecimal key);
                    }
                    auxiliary-spi auxiliary-spi;
                    encryption {
                        algorithm (des-cbc | 3des-cbc);
                        key (ascii-text key | hexadecimal key);
                    }
                    protocol (ah | esp | bundle);
                    spi spi-value;
                }
            }
            mode (tunnel | transport);
        }
    }
On the AS and MultiServices PICs, you configure a manual security association at the [edit services ipsec-vpn rule rule-name] hierarchy level. Include your choices for authentication, encryption, direction, protocol, and SPI. Be sure that these choices are configured exactly the same way on the remote IPSec gateway.
    [edit services ipsec-vpn]
    rule rule-name {
        match-direction (input | output);
        term term-name {
            from {
                destination-address address;
                source-address address;
            }
            then {
                backup-remote-gateway address;
                clear-dont-fragment-bit;
                manual {
                    direction (inbound | outbound | bidirectional) {
                        authentication {
                            algorithm (hmac-md5-96 | hmac-sha1-96);
                            key (ascii-text key | hexadecimal key);
                        }
                        auxiliary-spi spi-value;
                        encryption {
                            algorithm algorithm; # This can be aes-128-cbc, aes-192-cbc,
                                                 # aes-256-cbc, des-cbc, or 3des-cbc.
                            key (ascii-text key | hexadecimal key);
                        }
                        protocol (ah | bundle | esp);
                        spi spi-value;
                    }
                }
                no-anti-replay;
                remote-gateway address;
                syslog;
            }
        }
    }
    rule-set rule-set-name {
        [ rule rule-names ];
    }
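Both passages above require the manual SA choices to be identical on the two gateways. The following added example (not part of the original documentation or of Junos) flattens two stanzas and lists every statement that differs, without echoing key material. The stanzas, SA names, SPI values and keys are constructed placeholders, `parse_sa` and `sa_mismatches` are hypothetical helpers, and the sample assumes a bidirectional SA in the ES PIC form.

```python
import re

# Constructed sample stanzas in the ES PIC form; names, SPI values and keys are placeholders.
TEMPLATE = """security-association {name} {{
  manual {{
    direction bidirectional {{
      protocol esp;
      spi {spi};
      authentication {{ algorithm hmac-sha1-96; key ascii-text "{akey}"; }}
      encryption {{ algorithm {ealg}; key ascii-text "PLACEHOLDER-ENC-KEY"; }}
    }}
  }}
  mode tunnel;
}}"""
LOCAL = TEMPLATE.format(name="sa-a", spi=400, akey="PLACEHOLDER-A", ealg="3des-cbc")
REMOTE = TEMPLATE.format(name="sa-b", spi=401, akey="PLACEHOLDER-B", ealg="des-cbc")
IGNORE = ("security-association", "description")  # may legitimately differ per gateway

def parse_sa(text):
    """Flatten a brace-style stanza into {'path': 'value'}; assumes no '{', '}' or ';' inside values."""
    flat, stack = {}, []
    for body, delim in re.findall(r"([^{};]*)([{};])", text):
        words = body.split(None, 1)
        if delim == "}":
            stack.pop()                      # leave the current block
        elif words:
            value = words[1].strip() if len(words) > 1 else ""
            if delim == ";" or value:        # leaf statement, or block opener with an argument
                flat[" ".join(stack + [words[0]])] = value
            if delim == "{":
                stack.append(words[0])       # enter the block
    return flat

def sa_mismatches(local, remote):
    """Map each differing statement path to (local, remote); key values are withheld."""
    a, b = parse_sa(local), parse_sa(remote)
    diff = {}
    for path in sorted(set(a) | set(b)):
        if path.endswith(IGNORE) or a.get(path) == b.get(path):
            continue
        secret = path.endswith(" key")       # never print key material in a report
        diff[path] = ("<withheld>",) * 2 if secret else (a.get(path), b.get(path))
    return diff

if __name__ == "__main__":
    for path, (mine, theirs) in sa_mismatches(LOCAL, REMOTE).items():
        print(f"{path}: local={mine} remote={theirs}")
```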
Published: 2013-07-19