server-member-communication (Security Group VPN Server)
Syntax
server-member-communication {
    certificate certificate-id;
    communication-type (unicast);
    encryption-algorithm (aes-128-cbc | aes-192-cbc | aes-256-cbc);
    lifetime-seconds seconds;
    number-of-retransmission number;
    retransmission-period seconds;
    sig-hash-algorithm (sha-256 | sha-384);
}
Hierarchy Level
[edit security group-vpn server group name]
Description
Enable and configure server-to-member communication. When these options are configured, group members receive new keys before the current keys expire.
Starting with Junos OS Release 15.1X49-D80, the minimum value that you can configure for the lifetime-seconds option is 300 seconds instead of 180 seconds.
Options
certificate certificate-id—Specify the certificate identification. Only RSA keys are supported.
communication-type—Configure unicast (the default).
encryption-algorithm—Encryption used for communications between the group server and group member. Specify aes-128-cbc, aes-192-cbc, or aes-256-cbc.
lifetime-seconds seconds—Lifetime, in seconds, of the key encryption key (KEK). Specify a value from 300 to 86,400. The default is 3600 seconds.
number-of-retransmission number—For unicast communications, the number of times the group server retransmits messages to a group member when there is no reply. Specify a value from 0 to 60. The default is 2.
retransmission-period seconds—The time period between a transmission and the first retransmission when there is no reply from the group member. Specify a value from 2 to 60. The default is 10 seconds.
sig-hash-algorithm—Authentication algorithm used to authenticate the group member to the group server. Specify sha-256 or sha-384.
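Example
The following configuration is an added illustration, not taken from the original statement reference. It sets every option of server-member-communication at the documented hierarchy level, with values inside the documented ranges. The group name GROUP-A and the certificate identifier srv-cert are hypothetical placeholders.

```junos
/* Added example. GROUP-A and srv-cert are hypothetical names; substitute your own. */
security {
    group-vpn {
        server {
            group GROUP-A {
                server-member-communication {
                    /* Local certificate ID; only RSA keys are supported. */
                    certificate srv-cert;
                    /* unicast is the default and the only listed type. */
                    communication-type unicast;
                    /* One of aes-128-cbc, aes-192-cbc, aes-256-cbc. */
                    encryption-algorithm aes-256-cbc;
                    /* KEK lifetime: 300 to 86,400 seconds (default 3600). */
                    /* A value below 300 is rejected from 15.1X49-D80 on. */
                    lifetime-seconds 7200;
                    /* Retransmissions on no reply: 0 to 60 (default 2). */
                    number-of-retransmission 3;
                    /* Wait before the first retransmission: 2 to 60 seconds (default 10). */
                    retransmission-period 10;
                    /* One of sha-256, sha-384. */
                    sig-hash-algorithm sha-384;
                }
            }
        }
    }
}
```

A configuration carried over from a release earlier than 15.1X49-D80 with lifetime-seconds between 180 and 299 falls outside the current range and needs to be raised to at least 300.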
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.