Configuring an IPSec Proposal

An IPSec proposal lists protocols and algorithms (security services) to be negotiated with the remote IPSec peer. To configure an IPSec proposal, include the proposal statement:

[edit security ipsec] 
proposal ike-proposal-name {
  authentication-algorithm (md5 | sha1);
  authentication-method pre-shared-keys;
  dh-group (group1 | group2);
  encryption-algorithm (3des-cbc | des-cbc);
  lifetime-seconds seconds;
}

To configure an IPSec authentication algorithm, include the authentication-algorithm statement. The authentication algorithm can be one of the following:

  • hmac-md5-96— Hash algorithm that authenticates packet data, producing a 128-bit digest

  • hmac-sha1-96— Hash algorithm that authenticates packet data, producing a 160-bit ...

Get Juniper Networks® Field Guide and Reference now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.