security-association (Junos OS)
Syntax
security-association sa-name {
dynamic {
ipsec-policy policy-name;
replay-window-size (32 | 64);
}
manual {
direction (inbound | outbound | bi-directional) {
authentication {
algorithm (hmac-sha1-96 | hmac-sha2-256);
key (ascii-text key | hexadecimal key);
}
auxiliary-spi auxiliary-spi-value;
encryption {
algorithm (des-cbc | 3des-cbc);
key (ascii-text key | hexadecimal key);
}
protocol ( ah | esp | bundle);
spi spi-value;
}
mode (tunnel | transport);
}
}
Hierarchy Level
[edit security ipsec]
Description
Configure an IPsec security association.
Options
sa-name—Name
of the security association.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
Note:
You must configure the IPsec keys as hexadecimal keys for maximum key strength with Junos OS in FIPS mode.