Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 331

Use the no version to delete the IP address.
See local ip address.

pfs group
Use to configure perfect forward secrecy for connections created with this IPSec transport profile.
Assign a Diffie-Hellman prime modulus group using one of the following keywords:
  1    768-bit group
  2    1024-bit group
  5    1536-bit group
Example
host1(config-ipsec-transport-profile)#pfs group 5
Use the no version to remove PFS from this profile; having no PFS is the default setting.
See pfs group.

pre-share
Use to configure an unencrypted (red) preshared key to authenticate IKE negotiations that arrive from any remote IP address specified for this transport profile and that are destined for the local IP address. If the remote endpoint address is a wildcard address, this preshared key is a group preshared key.
To have preshared key authentication take place, you must also specify the IKE policy rule as preshared by entering authentication pre-share in ISAKMP Policy Configuration mode.
Example
host1(config-ipsec-transport-profile-local)#pre-share secretforL2tp
Use the no version to remove the key.
CAUTION: Group preshared keys are not fully secure, and we do not recommend using them. They are provided for trials and testing purposes where the missed security does not pose a risk to the provider.
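
An added example, not taken from the Juniper manual: a small Python audit of a transport-profile transcript that reports the conditions this page describes (PFS left at its default of off, the modulus size behind a pfs group keyword, and a pre-share key that becomes a group preshared key because the remote endpoint is a wildcard) and masks the cleartext key before the transcript is stored. The function name, the 0.0.0.0 wildcard notation, the min_bits policy and the sample lines are assumptions made for the illustration.

```python
import re
# Modulus sizes for the pfs group keywords, as listed on the manual page.
DH_BITS = {1: 768, 2: 1024, 5: 1536}
WILDCARD = "0.0.0.0"  # assumption: notation for a wildcard remote endpoint
PROMPT = re.compile(r"^\S*\(config-ipsec-transport-profile(?:-local)?\)#\s*")

# Constructed sample transcript (key string reused from the page's example).
SAMPLE = [
    "host1(config-ipsec-transport-profile)#pfs group 2",
    "host1(config-ipsec-transport-profile-local)#pre-share secretforL2tp",
]

def audit_profile(lines, remote_addr, min_bits=1536):
    """Return (findings, redacted_lines) for one transport profile.

    remote_addr comes from the caller because the command that sets it is
    not shown on this page; min_bits is an assumed local policy.
    """
    pfs, psk, redacted = None, False, []
    for raw in lines:
        words = PROMPT.sub("", raw.strip()).split()
        neg = words[:1] == ["no"]          # the "no" form removes a setting
        body = words[1:] if neg else words
        if body[:2] == ["pfs", "group"]:
            if neg:
                pfs = None
            elif len(body) == 3 and body[2].isdigit():
                pfs = int(body[2])
        elif body[:1] == ["pre-share"]:
            psk = not neg
            if len(body) == 2:             # key is in the clear: mask it
                raw = raw.rstrip()[: -len(body[1])] + "<redacted>"
        redacted.append(raw)

    findings = []
    if pfs is None:
        findings.append("PFS is off (the default): no pfs group in effect")
    elif pfs not in DH_BITS:
        findings.append(f"pfs group {pfs} is not a keyword the page lists")
    elif DH_BITS[pfs] < min_bits:
        findings.append(f"pfs group {pfs} is {DH_BITS[pfs]}-bit, below {min_bits}-bit policy")
    if psk and remote_addr == WILDCARD:
        findings.append("wildcard remote endpoint: pre-share is a group preshared key")
    return findings, redacted

if __name__ == "__main__":
    print(*audit_profile(SAMPLE, WILDCARD)[0], sep="\n")
```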
Chapter 12: Securing L2TP and IP Tunnels with IPSec
Configuring IPSec Transport Profiles
305

This manual is also suitable for:

Junose 11.1.x ip services, Junose v 11.1
