An IPSec proposal lists protocols and algorithms (security services) to be negotiated with the remote IPSec peer. To configure an IPSec proposal, include the proposal statement: [edit security ipsec] proposal ike-proposal-name { authentication-algorithm (md5 sha1); authentication-method pre-shared-keys; dh-group (group1 group2); encryption-algorithm (3des-cbc des-cbc); lifetime-seconds seconds; } To configure an IPSec authentication algorithm, include the authentication-algorithm statement. The authentication algorithm can be one of the following:
To configure an IPSec encryption algorithm, include the encryption-algorithm statement. The encryption algorithm can be one of the following:
The IPSec lifetime option sets the lifetime of an IPSec SA. When the SA expires , it is replaced by a new SA (and SPI) or terminated . If you do not configure a lifetime and a lifetime is not sent by a responder , it defaults to 28,800 seconds. To configure the IPSec lifetime, include the lifetime-seconds statement. |