Juniper Networks® Field Guide and Reference

Configuring Dynamic Security Associations

You configure dynamic SAs with a set of proposals negotiated by the security gateways. The keys are generated as part of the negotiation and therefore do not need to be specified in the configuration. The dynamic SA includes one or more proposals, which allow you to prioritize a list of protocols and algorithms to be negotiated with the peer.

To enable a dynamic SA, configure IKE proposals and IKE policies associated with these proposals, configure IPSec proposals and an IPSec policy associated with these proposals, and associate an SA with an IPSec policy. To associate an SA with an IPSec policy, include the dynamic statement:

[edit security ipsec security-association name] 
dynamic ipsec-policy policy-name; ...

Get Juniper Networks® Field Guide and Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Juniper Networks® Field Guide and Reference by Aviva Garrett, Gary Drenan, Cris Morris, Juniper Networks®

Configuring Dynamic Security Associations

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly