ipsec-sa (Security Group VPN)
Syntax
ipsec-sa name {
match-policy policy-name {
destination ip-address/netmask;
destination-port number;
protocol number;
source ip-address/netmask;
source-port number;
}
proposal proposal-name;
}
Hierarchy Level
[edit security group-vpn server group name]
Description
Configure the group SAs to be downloaded to members. There can be multiple group SAs downloaded to group members.
Options
ipsec-sa name—Define the group SAs to be downloaded
to members.
match-policy policy-name—Configure the group policy with source address, source port, destination address, destination port, and protocol.destination ip-address/netmask—Specify the destination IP address to be matched (0.0.0.0/0 for any).destination-port number—Specify the destination port to be matched (0 for any).protocol number—Specify the protocol number to be matched (0 for any).source ip-address/netmask—Specify the source IP address to be matched (0.0.0.0/0 for any).source-port number—Specify the source port to be matched (0 for any)
proposal proposal-name—Specify the name of the IPsec proposal configured with theproposalconfiguration statement at the [edit security group-vpn server ipsec] hierarchy.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.