Table of Contents
Advertisement
[edit security ike] Hierarchy Level
Copyright © 2016, Juniper Networks, Inc.
security {
ike {
gateway gateway-name {
address [ip-address-or-hostname];
dead-peer-detection {
(always-send | optimized | probe-idle-tunnel);
interval seconds;
threshold number;
}
dynamic {
connections-limit number;
(distinguished-name <container container-string> <wildcard wildcard-string> |
hostname domain-name | inet ip-address | inet6 ipv6-address | user-at-hostname
e-mail-address);
ike-user-type (group-ike-id | shared-ike-id);
}
external-interface external-interface-name;
general-ikeid;
ike-policy policy-name;
local-address (ipv4-address | ipv6-address);
local-identity {
(distinguished-name | hostname hostname | inet ip-address | inet6 ipv6-address
| user-at-hostname e-mail-address);
}
nat-keepalive seconds;
no-nat-traversal;
remote-identity {
(distinguished-name <container container-string> <wildcard wildcard-string> |
hostname hostname | inet ip-address | inet6 ipv6-address | user-at-hostname
e-mail-address);
}
version (v1-only | v2-only);
xauth {
access-profile profile-name;
}
}
policy policy-name {
certificate {
local-certificate certificate-id;
peer-certificate-type (pkcs7 | x509-signature);
}
description description;
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposal-set (basic | compatible | standard } suiteb-gcm-128 | suiteb-gcm-256);
proposals [proposal-name];
}
proposal proposal-name {
authentication-algorithm (md5 | sha-256 | sha-384| sha1);
authentication-method (dsa-signatures | ecdsa-signatures-256 |
ecdsa-signatures-384 | pre-shared-keys | rsa-signatures);
description description;
Chapter 11: Configuration Statements
87
Advertisement
Table of Contents
