ike
Syntax
ike {
proposal proposal-name {
authentication-algorithm (sha1 | sha-256 | sha-384);
authentication-method (ecdsa-signatures-256 | ecdsa-signatures-384 | pre-shared-keys | rsa-signatures);
description description;
dh-group (group1 | group2 | group5 |group14 | group15 | group16 | group19 | group20 | group24);
encryption-algorithm algorithm;
lifetime-seconds seconds;
}
policy policy-name {
description description;
local-certificate identifier;
local-id (ipv4_addr ipv4-address | ipv6-addr ipv6-address | key-id identifier);
version (1 | 2);
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals [ proposal-names ];
remote-id {
any-remote-id;
ipv4_addr [ values ];
ipv6_addr [ values ];
key_id [ values ];
}
}
}
Hierarchy Level
[edit services ipsec-vpn]
Description
Configure IKE.
The remaining statements are explained separately.
Note:
In Junos FIPS mode, the aggressive option of
the mode statement is not supported.
Note:
In Junos FIPS mode, ECDSA options of the authentication-method statement are not supported in Junos OS Release 17.3R1. Starting
in Junos OS Release 17.4R1, ECDSA is supported in Junos FIPS mode.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.