dh-group (group1 | group14 | group19 | group2 | group20 | group24 | group5);
encryption-algorithm (3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc | des-cbc);
lifetime-seconds seconds;
}
respond-bad-spi <max-responses>;
traceoptions {
file {
filename;
files number;
match regular-expression;
(no-world-readable | world-readable);
size maximum-file-size;
}
flag flag;
no-remote-trace;
rate-limit messages-per-second;
}
}
}
Related
Documentation
Security Configuration Statement Hierarchy on page 75•
• IPsec VPN Overview
[edit security ipsec] Hierarchy Level
security {
ipsec {
internal {
security-association {
manual encryption {
iked_encryption enabled;
algorithm 3des-cbc;
key ascii-text key;
}
}
}
policy policy-name {
description description;
perfect-forward-secrecy keys (group1 | group14 | group19 | group2 | group20 | group24
| group5);
proposal-set (basic | compatible | standard | suiteb-gcm-128 | suiteb-gcm-256);
proposals [proposal-name];
}
proposal proposal-name {
authentication-algorithm (hmac-md5-96 | hmac-sha-256-128 | hmac-sha-256-96
| hmac-sha1-96);
description description;
encryption-algorithm (3des-cbc | aes-128-cbc | aes-128-gcm | aes-192-cbc |
aes-192-gcm | aes-256-cbc | aes-256-gcm | des-cbc);
lifetime-kilobytes kilobytes;
lifetime-seconds seconds;
protocol (ah | esp);
}
security-association sa-name {
Copyright © 2016, Juniper Networks, Inc.88
Getting Started Guide for Branch SRX Series
To Next Page
Loading...
