Example: Configuring an IPsec Policy (CLI)
When configuring Phase 2 of an IPsec tunnel, you first configure proposals, then policies, and finally the AutoKey IKE. The following example-based instructions show how to create the policy.
In Phase 2 IPsec policy configuration, you must create a policy and reference a Phase 2 proposal. In this example, you create a policy called ipsec_pol_1 and reference the proposal ipsec_prop_1. You also configure Perfect Forward Secrecy (PFS) to use Diffie-Hellman (DH) group 2 as the method the device uses to generate the encryption key.
To configure an IPsec policy using the CLI editor:
user@host# set security ipsec policy ipsec_pol_1 description "new ipsec policy"
user@host# set security ipsec policy ipsec_pol_1 perfect-forward-secrecy keys group2
user@host# set security ipsec policy ipsec_pol_1 proposals ipsec_prop_1
Use the following command to display information about this IPsec policy:
user@host# show security ipsec policy ipsec_pol_1
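The following audit script is an added example, not part of the original documentation or Juniper's tooling. It reads `set`-format configuration lines like the ones above and reports IPsec policies that have no PFS, reference no proposal, or use a DH group treated as weak. The weak-group list, the function name, and the policies ipsec_pol_2 and ipsec_pol_3 are assumptions made for illustration.

```python
import re

# Assumption (not from the page): DH groups below group14 are flagged as weak,
# following RFC 8247, which marks the 1024-bit MODP group 2 as SHOULD NOT.
WEAK_GROUPS = {"group1", "group2", "group5"}
PROMPT_RE = re.compile(r"^\S+@\S+#\s*")  # CLI prompt such as "user@host# "
POLICY_RE = re.compile(r"^set security ipsec policy (\S+)\s*(.*)$")

# Constructed sample input: ipsec_pol_1 is the page's policy;
# ipsec_pol_2 and ipsec_pol_3 are hypothetical.
SAMPLE_CONFIG = '''
user@host# set security ipsec policy ipsec_pol_1 description "new ipsec policy"
user@host# set security ipsec policy ipsec_pol_1 perfect-forward-secrecy keys group2
user@host# set security ipsec policy ipsec_pol_1 proposals ipsec_prop_1
set security ipsec policy ipsec_pol_2 perfect-forward-secrecy keys group14
set security ipsec policy ipsec_pol_2 proposals ipsec_prop_1
set security ipsec policy ipsec_pol_3 proposals ipsec_prop_1
'''

def audit_ipsec_policies(config_text):
    """Map each IPsec policy name to a list of findings (empty list = clean)."""
    policies = {}
    for raw in config_text.splitlines():
        match = POLICY_RE.match(PROMPT_RE.sub("", raw.strip()))
        if not match:
            continue
        policy = policies.setdefault(match.group(1), {"pfs": None, "proposals": []})
        tokens = match.group(2).split()
        if tokens[:2] == ["perfect-forward-secrecy", "keys"] and len(tokens) > 2:
            policy["pfs"] = tokens[2]
        elif tokens[:1] == ["proposals"]:
            # Junos also accepts "proposals [ a b ]"; drop the brackets.
            policy["proposals"] += [t for t in tokens[1:] if t not in ("[", "]")]
    findings = {}
    for name, policy in policies.items():
        issues = []
        if policy["pfs"] is None:
            issues.append("no perfect-forward-secrecy configured")
        elif policy["pfs"] in WEAK_GROUPS:
            issues.append("weak PFS DH group: " + policy["pfs"])
        if not policy["proposals"]:
            issues.append("no Phase 2 proposal referenced")
        findings[name] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit_ipsec_policies(SAMPLE_CONFIG).items():
        print(name, "->", issues or "ok")
```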
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Understanding Phase 2 of IKE Tunnel Negotiation
- IPsec VPN Configuration Overview