security-association (Junos-FIPS Software)
Syntax
security-association sa-name {
dynamic {
ipsec-policy policy-name;
replay-window-size (32 | 64);
}
manual {
direction (inbound | outbound | bi-directional) {
authentication {
algorithm (hmac-sha1-96 | hmac-sha2-256);
key (ascii-text key | hexadecimal key);
}
auxiliary-spi auxiliary-spi-value;
encryption {
algorithm 3des-cbc;
key (ascii-text key | hexadecimal key);
}
protocol ( ah | esp | bundle);
spi spi-value;
}
mode (tunnel | transport);
}
}
Hierarchy Level
[edit security ipsec]
Description
Configure an IPsec security association.
Options
sa-name—Name
of the security association.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
Crypto Officer—To view and add this statement in the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
Note:
We recommend that you configure the IPsec keys as hexadecimal keys for maximum key strength with Junos OS in FIPS mode.