Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Minimum Security Association Configurations

The following sections show the minimum configurations necessary to set up security associations (SAs) for IPsec services:

Minimum Manual SA Configuration

To define a manual SA configuration, you must include at least the following statements at the [edit services ipsec-vpn rule rule-name term term-name then manual] hierarchy level:

Minimum Dynamic SA Configuration

To define a dynamic SA configuration, you must include at least the following statements at the [edit services ipsec-vpn] hierarchy level:

Note:

  • Starting with Junos OS Release 11.4, both IKEv1 and IKEv2 are supported by default on all M Series, MX Series, and T Series routers. The version statement at the [edit services ipsec-vpn ike policy name] hierarchy level allows you to configure the specific IKE version to be supported.

  • The mode statement at the [edit services ipsec-vpn ike policy name] hierarchy level is required only if the version option is set to 1.

You must also include the ipsec-policy statement at the [edit services ipsec-vpn rule rule-name term term-name then dynamic] hierarchy level.

Related Documentation