NOTE: Setting the anti-replay-window-size and no-anti-replay statements at
the [edit services ipsec-vpn rule rule-name term term-name then] hierarchy
level overrides the settings specified at the [edit services service-set
service-set-name ipsec-vpn-options] hierarchy level.
Configuring IPsec Proposals
An IPsec proposal lists protocols and algorithms (security services) to be negotiated
with the remote IPsec peer.
To configure an IPsec proposal, include the proposal statement and specify an IPsec
proposal name at the [edit services ipsec-vpn ipsec] hierarchy level:
[edit services ipsec-vpn ipsec]
proposal proposal-name {
    authentication-algorithm (hmac-sha-256-128 | hmac-sha1-96);
    description description;
    encryption-algorithm algorithm;
    lifetime-seconds seconds;
    protocol esp;
}
This section discusses the following topics:
• Configuring the Authentication Algorithm for an IPsec Proposal on page 1098
• Configuring the Description for an IPsec Proposal on page 1099
• Configuring the Encryption Algorithm for an IPsec Proposal on page 1099
• Configuring the Lifetime for an IPsec SA on page 1099
• Configuring the Protocol for a Dynamic SA on page 1099
Configuring the Authentication Algorithm for an IPsec Proposal
To configure the authentication algorithm for an IPsec proposal, include the
authentication-algorithm statement at the [edit services ipsec-vpn ipsec proposal
proposal-name] hierarchy level:
[edit services ipsec-vpn ipsec proposal proposal-name]
authentication-algorithm (hmac-sha-256-128 | hmac-sha1-96);
ACX Series routers support the following authentication algorithms:
• hmac-sha1-96—Hash algorithm that authenticates packet data. Produces a 160-bit
authenticator value.
• hmac-sha-256-128—Hash algorithm that authenticates packet data. Produces a 256-bit
authenticator value.
Copyright © 2017, Juniper Networks, Inc. 1098
ACX Series Universal Access Router Configuration Guide