ipsec (Security Interfaces)
Syntax
ipsec {
    security-association {
        manual {
            direction (bidirectional | inbound | outbound) {
                protocol esp;
                spi spi-value;
                encryption {
                    algorithm 3des-cbc;
                    key (ascii-text ascii-text-string | hexadecimal hexadecimal-string);
                }
            }
        }
    }
    policy ipsec-policy-name {
        perfect-forward-secrecy {
            keys (group1 | group2);
        }
        proposals [ proposal-names ];
    }
    proposal ipsec-proposal-name {
        authentication-algorithm (hmac-sha1-96 | hmac-sha2-256);
        encryption-algorithm (3des-cbc | des-cbc);
        lifetime-seconds seconds;
        protocol (ah | esp | bundle);
    }
    security-association name {
        dynamic {
            ipsec-policy policy-name;
            replay-window-size (32 | 64);
        }
        manual {
            direction (inbound | outbound | bi-directional) {
                authentication {
                    algorithm (hmac-sha1-96 | hmac-sha2-256);
                    key (ascii-text key | hexadecimal key);
                }
                auxiliary-spi auxiliary-spi-value;
                encryption {
                    algorithm (des-cbc | 3des-cbc);
                    key (ascii-text key | hexadecimal key);
                }
                protocol (ah | esp | bundle);
                spi spi-value;
            }
        }
        mode (tunnel | transport);
    }
    traceoptions {
        file <files number> <size size>;
        flag all;
        flag database;
        flag general;
        flag ike;
        flag parse;
        flag policy-manager;
        flag routing-socket;
        flag timer;
    }
}
Hierarchy Level
[edit security]
Description
Configure IPsec on encryption interfaces.
Note:
You must configure the IPsec keys as hexadecimal keys for maximum key strength with Junos OS in FIPS mode.
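The note above, worked through as an added example (not part of the Junos documentation): it compares how much of the key space each key format can reach and builds set commands for a manual security association with random hexadecimal keys. The key sizes, the one-character-per-byte reading of ascii-text, and the names sa-example, inbound and SPI 400 are assumptions made for illustration.

```python
import math
import secrets
import string

# Key sizes in bytes (assumed: the usual sizes for these algorithms; the page
# does not list them).
KEY_BYTES = {"des-cbc": 8, "3des-cbc": 24, "hmac-sha1-96": 20, "hmac-sha2-256": 32}
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)  # 94

def keyspace_bits(algorithm, key_format):
    """Upper bound, in bits, on the key values reachable through a key format."""
    size = KEY_BYTES[algorithm]
    if key_format == "hexadecimal":
        return 8.0 * size  # every byte value 0x00-0xff can be entered
    if key_format == "ascii-text":
        # Assumed: one printable ASCII character supplies each key byte.
        return size * math.log2(PRINTABLE)
    raise ValueError(f"unknown key format: {key_format}")

def random_hex_key(algorithm):
    """Full-strength key from the OS CSPRNG, as a hexadecimal string."""
    return secrets.token_hex(KEY_BYTES[algorithm])

def manual_sa_commands(sa_name, direction, spi, enc_alg, auth_alg):
    """Build set commands that follow the manual SA hierarchy shown above."""
    sa = f"set security ipsec security-association {sa_name}"
    d = f"{sa} manual direction {direction}"
    return [
        f"{sa} mode tunnel",
        f"{d} protocol esp",
        f"{d} spi {spi}",
        f"{d} encryption algorithm {enc_alg}",
        f"{d} encryption key hexadecimal {random_hex_key(enc_alg)}",
        f"{d} authentication algorithm {auth_alg}",
        f"{d} authentication key hexadecimal {random_hex_key(auth_alg)}",
    ]

if __name__ == "__main__":
    for alg in ("3des-cbc", "hmac-sha2-256"):
        print(alg, round(keyspace_bits(alg, "ascii-text"), 1), "bits as ascii-text,",
              keyspace_bits(alg, "hexadecimal"), "bits as hexadecimal")
    # sa-example, inbound and SPI 400 are constructed sample values.
    print("\n".join(manual_sa_commands("sa-example", "inbound", 400, "3des-cbc", "hmac-sha2-256")))
```

The generated keys are secrets: load them over an authenticated management session and keep them out of shell history and logs.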
Options
The remaining statements are explained separately.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.