Configuring Ike Policies; Configuring The Proposals In An Ike Policy; Configuring The Preshared Key For An Ike Policy - Juniper ACX1000 Configuration Manual

ACX Series Universal Access Router Configuration Guide

Configuring IKE Policies

Configuring the Proposals in an IKE Policy

Configuring the Preshared Key for an IKE Policy

1104
[edit services ipsec-vpn ipsec policy policy-name]
proposals [ proposal-names ];
An IKE policy defines a combination of security parameters (IKE proposals) to be used
during IKE negotiation. It defines a peer address and the proposals needed for that
connection. Depending on which authentication method is used, it defines the preshared
key for the given peer or the local certificate. During the IKE negotiation, IKE looks for an
IKE policy that is the same on both peers. The peer that initiates the negotiation sends
all its policies to the remote peer, and the remote peer tries to find a match.
A match is made when both policies from the two peers have a proposal that contains
the same configured attributes. If the lifetimes are not identical, the shorter lifetime
between the two policies (from the host and peer) is used. The configured preshared
key must also match its peer.
You can create multiple, prioritized proposals at each peer to ensure that at least one
proposal matches a remote peer's proposal.
First, you configure one or more IKE proposals; then you associate these proposals with
an IKE policy. You can also prioritize a list of proposals used by IKE in the
by listing the proposals you want to use, from first to last.
To configure an IKE policy, include the
[edit services ipsec-vpn ike]
[edit services ipsec-vpn ike]
policy policy-name {
pre-shared-key (ascii-text key | hexadecimal key);
proposals [ proposal-names ];
}
This section includes the following topics:
Configuring the Proposals in an IKE Policy on page 1104
Configuring the Preshared Key for an IKE Policy on page 1104
The IKE policy includes a list of one or more proposals associated with an IKE policy.
To configure the proposals in an IKE policy, include the
one or more proposal names at the
hierarchy level:
proposals [ proposal-names ];
When you include the
authentication-method pre-shared-keys
services ipsec-vpn ike proposal proposal-name]
authenticate peers; for more information, see Configuring the Authentication Method for
statement and specify a policy name at the
policy
hierarchy level:
[edit services ipsec-vpn ike policy policy-name]
hierarchy level, IKE policy preshared keys
policy statement
statement and specify
proposals
statement at the
[edit
Copyright © 2017, Juniper Networks, Inc.