proposal (Security Group VPN Server IPsec)
Syntax
proposal proposal-name {
    authentication-algorithm (hmac-sha-256-128);
    description description;
    encryption-algorithm (aes-128-cbc | aes-192-cbc | aes-256-cbc);
    lifetime-seconds seconds;
}
Hierarchy Level
[edit security group-vpn server ipsec]
Description
Define an IPsec proposal. Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 devices and vSRX Virtual Firewall instances.
Options
proposal-name—Name of the IPsec proposal.
authentication-algorithm hmac-sha-256-128—Configure the IPsec authentication algorithm. Produces a 256-bit digest, truncated to 128 bits. This is the default value.
description description—Text description of the IPsec proposal.
encryption-algorithm—Configure an encryption algorithm. The device deletes existing IPsec SAs when you update the encryption-algorithm configuration in the IPsec proposal.
    aes-128-cbc—Advanced Encryption Standard (AES) 128-bit encryption algorithm.
    aes-192-cbc—AES 192-bit encryption algorithm.
    aes-256-cbc—AES 256-bit encryption algorithm. This is the default value.
lifetime-seconds seconds—Specify the lifetime (in seconds) of an IPsec security association (SA) for group VPN. When the SA expires, it is replaced by a new SA and security parameter index (SPI) or terminated. Specify a value from 180 to 86,400 seconds. The default is 3600 seconds.
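Added example (not part of the Junos documentation): a Python check that reads set-style configuration lines for this hierarchy, applies the defaults listed above, and reports any value outside the documented options. The sample lines, the proposal names, and the audit_proposals function are constructed for illustration.

```python
import shlex

# Constraints and defaults copied from the Options list on this page.
PREFIX = ["set", "security", "group-vpn", "server", "ipsec", "proposal"]
ALLOWED = {
    "authentication-algorithm": {"hmac-sha-256-128"},
    "encryption-algorithm": {"aes-128-cbc", "aes-192-cbc", "aes-256-cbc"},
}
DEFAULTS = {
    "authentication-algorithm": "hmac-sha-256-128",
    "encryption-algorithm": "aes-256-cbc",
    "lifetime-seconds": 3600,
}
LIFETIME = range(180, 86401)  # 180 to 86,400 seconds inclusive

# Constructed sample input; proposal names and values are made up.
SAMPLE = """\
set security group-vpn server ipsec proposal gvpn-prop description "branch group SA"
set security group-vpn server ipsec proposal gvpn-prop encryption-algorithm aes-128-cbc
set security group-vpn server ipsec proposal gvpn-old encryption-algorithm 3des-cbc
set security group-vpn server ipsec proposal gvpn-old lifetime-seconds 120
"""


def audit_proposals(config_text):
    """Return ({proposal: effective settings}, [(line, proposal, problem)])."""
    proposals, findings = {}, []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tokens = shlex.split(line)
        if len(tokens) <= len(PREFIX) or tokens[:len(PREFIX)] != PREFIX:
            continue  # some other statement
        name, rest = tokens[len(PREFIX)], tokens[len(PREFIX) + 1:]
        effective = proposals.setdefault(name, dict(DEFAULTS))
        if not rest:
            continue  # bare proposal: every default applies
        option, value = rest[0], " ".join(rest[1:])
        if option in ALLOWED and value in ALLOWED[option]:
            effective[option] = value
        elif option == "lifetime-seconds" and value.isdecimal() and int(value) in LIFETIME:
            effective[option] = int(value)
        elif option == "description" and value:
            effective[option] = value
        else:  # rejected value: the previous (or default) setting is kept
            findings.append((lineno, name, f"{option} {value!r} is not accepted here"))
    return proposals, findings


if __name__ == "__main__":
    print(*audit_proposals(SAMPLE), sep="\n")
```

Because a change to encryption-algorithm deletes existing IPsec SAs, running a check like this before commit avoids a second, corrective change to the same proposal.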
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.