Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 179

tunnel session-key-outbound
tunnel signaling
Use to manually configure the authentication or encryption algorithm sets and
session keys for inbound SAs on a tunnel. You can enter this command only on
tunnels that have tunnel signaling set to manual.
Use the online Help to see a list of available algorithm sets.
Each key is an arbitrary hexadecimal string. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters
3DES, create a 24-byte key using 48 hexadecimal characters
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-inbound esp-des-hmac-md5
a7bd567917bd5679 bd5678a7bd567917bd567917bd567678
Use the no version to remove inbound session keys from a tunnel.
See tunnel session-key-inbound.
Use to manually configure the authentication or encryption algorithm sets, SPI,
and session keys for outbound SAs on a tunnel. You can enter this command
only on tunnels that have tunnel signaling set to manual.
Use the online Help to see a list of available algorithm sets.
The SPI is a number in the range 256–4294967295 that identifies an SA.
Each key is an arbitrary hexadecimal string. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters
3DES, create a 24-byte key using 48 hexadecimal characters
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421
567917bd567917bd567917bd545a17bd567917bd56784a7b
fda183bef567917bd567917bd567917b
Use the no version to remove outbound session keys from a tunnel.
See tunnel session-key-outbound.
Use to set the tunnel type to signaled (ISAKMP) or manual. Specify a keyword:
isakmp Specifies to use ISAKMP/IKE to negotiate SAs and to establish keys
Chapter 5: Configuring IPSec
153
Configuration Tasks