Juniper JUNOS OS 10.4 - RELEASE NOTES Release Note page 98

The default values for IKE and IPsec security association (SA) rekey timeout are as follows:

- For IKE SA, the rekey timeout is 28800 seconds.
- For IPsec SA, the rekey timeout is 3600 seconds.

The basic use cases of proposals are as follows:

- IKE and IPsec both use proposal sets.
  The server selects a predefined proposal from the proposal set and sends it to the client, along with the default rekey timeout value.
- IKE uses a proposal set, and IPsec uses a custom proposal.
  The server sends a predefined IKE proposal from the configured IKE proposal set to the client, along with the default rekey timeout value. For IPsec, the server sends the setting that is configured in the IPsec proposal.
- IKE uses a custom proposal, and IPsec uses a proposal set.
  The server sends a predefined IPsec proposal from the configured IPsec proposal set to the client, along with the default rekey timeout value. For IKE, the server sends the setting that is configured in the IKE proposal.

NOTE: If IPsec uses the standard proposal set and perfect forward secrecy (PFS) is not configured, then the default PFS is set as group2. For other proposal sets, PFS will not be set because it is not configured.

[Junos OS CLI Reference, Junos OS Security Configuration Guide]
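
The PFS note above, turned into a configuration check (an added example, not code from Juniper or from these release notes): it reads IPsec policies in `display set` form and reports which ones end up without PFS. The policy names and sample lines are constructed, and the `set security ipsec policy ...` statement forms are standard Junos CLI rather than text quoted from this page.

```python
import re

# Rule from the note above: only the "standard" IPsec proposal set gets a
# default PFS group (group2) when PFS is not configured.
DEFAULT_PFS = {"standard": "group2"}

# Constructed sample in "display set" form; all policy names are hypothetical.
SAMPLE_CONFIG = """\
set security ipsec policy dynvpn-std proposal-set standard
set security ipsec policy dynvpn-compat proposal-set compatible
set security ipsec policy dynvpn-basic proposal-set basic
set security ipsec policy dynvpn-basic perfect-forward-secrecy keys group5
set security ipsec policy dynvpn-custom proposals esp-aes128-sha1
"""

LINE_RE = re.compile(r"^set security ipsec policy (\S+) (\S+)(?: (.+))?$")


def parse_ipsec_policies(config_text):
    """Collect the proposal set and any explicit PFS group per IPsec policy."""
    policies = {}
    for raw in config_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        name, keyword, value = match.groups()
        entry = policies.setdefault(name, {"proposal_set": None, "pfs": None})
        if keyword == "proposal-set" and value:
            entry["proposal_set"] = value
        elif keyword == "perfect-forward-secrecy" and value and value.startswith("keys "):
            entry["pfs"] = value.split()[1]
    return policies


def audit(config_text):
    """Map policy name -> (effective PFS group or None, finding)."""
    report = {}
    for name, entry in parse_ipsec_policies(config_text).items():
        if entry["pfs"]:
            report[name] = (entry["pfs"], "explicit")
        elif entry["proposal_set"] is None:
            # No proposal set (custom proposals): the note gives no default.
            report[name] = (None, "custom-proposal-not-covered")
        elif entry["proposal_set"] in DEFAULT_PFS:
            report[name] = (DEFAULT_PFS[entry["proposal_set"]], "default")
        else:
            report[name] = (None, "no-pfs")
    return report
```

Calling `audit(SAMPLE_CONFIG)` flags `dynvpn-compat` as `no-pfs`, which is the case the note warns about: a non-standard proposal set with no explicit `perfect-forward-secrecy` statement.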
Local authentication and IP address assignment for dynamic VPN—This feature is supported on SRX100, SRX210, SRX220, SRX240, and SRX650 devices.

A client application sends an authentication request and a request for an IP address on behalf of an unauthenticated client at the same time. The communication between the client and AUTHD is minimized because the IP address request is not sent as a separate message.

After successful local authentication, AUTHD performs the following tasks:

- Assigns the address from the predefined (or statically assigned) address pools if the address matches the criteria specified by the client application.
- Assigns attributes such as WINS server and name-server address.
- Updates the associated client entry in the session database.

NOTE: For client applications that rely on a RADIUS or other external server for authentication, AUTHD might not assign IP addresses.

Copyright © 2010, Juniper Networks, Inc.
