Configuring IKE Trace Options
Trace options is used for debugging and managing the IPSec IKE.
To configure IPSec IKE trace options, complete the following steps:
1. Provide the name of the file in which trace information has to be written:
root@ipsec-nm# set security ike traceoptions file file-name
2. Specify the maximum size of the trace file:
root@ipsec-nm# set security ike traceoptions file size file-size
3. Specify the parameters to trace information for IKE:
root@ipsec-nm# set security ike traceoptions flag all
Related
Documentation
ike on page 192•
Configuring IPSec
IPSec is a suite of related protocols for cryptographically securing communications at
the IP Packet Layer. IPSec also provides methods for the manual and automatic
negotiation of security associations (SAs) and key distribution, all the attributes for which
are gathered in a domain of interpretation (DOI). The IPSec DOI is a document containing
definitions for all the security parameters and attributes required for SA and IKE
negotiations. See RFC 2407 and RFC 2408 for more information.
Ensure that connectivity to the host is not lost during the configuration process.
Configuring IPSec Proposals
An IPSec proposal lists protocols and algorithms or security services to be negotiated
with the remote IPSec peer.
To configure IPSec proposals, complete the following steps:
1. Define an IPSec proposal and protocol for the proposal:
root@ipsec-nm# set security ipsec proposal ipsec-proposal-name protocol esp
2. Define an authentication algorithm for the IPSec proposal:
root@ipsec-nm# set security ipsec proposal ipsec-proposal-name authentication-algorithm
hmac-sha1-96
3. Define an encryption algorithm for the IPSec proposal:
175Copyright © 2017, Juniper Networks, Inc.
Chapter 8: Understanding IPSec-NM
To Next Page
Loading...
