internal (Security IPsec)
Syntax
internal {
    security-association {
        manual {
            encryption {
                algorithm (3des-cbc | aes-128-cbc);
                ike-ha-link-encryption enable;
                key ascii-text;
            }
        }
    }
}
Hierarchy Level
[edit security ipsec]
Description
Enable secure login and prevent attackers from gaining privileged access through the control port by configuring the internal IP security (IPsec) security association (SA).
When the internal IPsec SA is configured, IPsec-based rlogin and remote command (rcmd) are enforced, so an attacker cannot gain unauthorized information.
Options
security-association | Specify an IPsec SA. An SA is a simplex connection that allows two hosts to communicate with each other securely by means of IPsec. |
manual encryption | Specify a manual SA. Manual SAs require no negotiation; all values, including the keys, are static and specified in the configuration. |
algorithm 3des-cbc | Specify the encryption algorithm for the internal Routing-Engine-to-Routing-Engine IPsec SA configuration. |
algorithm aes-128-cbc | Specify the encryption algorithm for high availability encryption link. |
iked-ha-link-encryption | Enable encryption for internal messages. |
key ascii-text | Specify the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure. |
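An added example (not Juniper's code): a Python pre-commit check that applies the constraints stated above to plain-text set commands before they are loaded, and generates a key that satisfies them. The function names, the letters-and-digits alphabet, and the sample lines are assumptions; the 24-character rule is applied to both algorithms exactly as this page states it.

```python
import re
import secrets
import string

PREFIX = "set security ipsec internal security-association manual encryption "
ALGORITHMS = {"3des-cbc", "aes-128-cbc"}  # values listed under Syntax
KEY_LENGTH = 24                            # length required under Options
# Assumption: letters and digits only, so the key never needs CLI quoting.
KEY_ALPHABET = string.ascii_letters + string.digits


def generate_key():
    """Return a random 24-character ASCII key drawn from the OS CSPRNG."""
    return "".join(secrets.choice(KEY_ALPHABET) for _ in range(KEY_LENGTH))


def check_internal_sa(set_lines):
    """Return the problems found in plain-text `set` lines for the internal SA."""
    algorithm = key = None
    for line in set_lines:
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        rest = line[len(PREFIX):]
        if m := re.fullmatch(r"algorithm (\S+)", rest):
            algorithm = m.group(1)
        elif m := re.fullmatch(r'key ascii-text "?([^"]*)"?', rest):
            key = m.group(1)
    problems = []
    if algorithm is None:
        problems.append("no encryption algorithm set")
    elif algorithm not in ALGORITHMS:
        problems.append(f"unsupported algorithm: {algorithm}")
    if key is None:
        problems.append("no key ascii-text set")
    else:
        if not key.isascii():
            problems.append("key contains non-ASCII characters")
        if len(key) != KEY_LENGTH:
            problems.append(f"key is {len(key)} characters, expected {KEY_LENGTH}")
    return problems


# Constructed candidate configuration; the key is generated at run time.
CANDIDATE = [PREFIX + "algorithm 3des-cbc", PREFIX + "key ascii-text " + generate_key()]
# Constructed bad input: unlisted algorithm and a 16-character key.
BAD = [PREFIX + "algorithm des-cbc", PREFIX + "key ascii-text 0123456789abcdef"]

if __name__ == "__main__":
    print(check_internal_sa(CANDIDATE), check_internal_sa(BAD))
```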
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X45-D10.
Support for ike-ha-link-encryption option added in Junos OS Release 12.1X47-D15.
Support for iked_encryption option added in Junos OS Release 12.1X47-D10.
Support for aes-128-cbc option added in Junos OS Release 19.1R1.
Support for ike-ha-link-encryption option added for vSRX Virtual Firewall in Junos OS Release 19.4R1.