Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 332

JUNOSe 11.1.x IP Services Configuration Guide

Configuring IPSec Transport Profiles (page 306)

NOTE: After you enter a preshared key, the original (unencrypted) key cannot be
retrieved. If you need to reenter the original key (for example, the system goes to
factory default and you have only the show config output) you can:
1. Use the show config command to see the encrypted (masked) form of the key.
2. Use the pre-share-masked command to enter the masked key. The system
will behave the same as when you entered the first pre-share key command.

See pre-share.

pre-share-masked

Use to specify an encrypted preshared key. To obtain this key, you enter an
unencrypted key using the pre-share command. You then run the show config
command, and the router displays the preshared key in encrypted form. You
enter the encrypted key using the pre-share-masked command.

The router uses the preshared key to authenticate IKE negotiations that arrive
from any remote IP address specified for this transport profile and that are
destined for any local IP address specified for this transport profile. If the remote
endpoint address is a wildcard address, this preshared key is a group preshared
key.

CAUTION: Group preshared keys are not fully secure, and we do not recommend
using them. They are provided for trials and testing purposes, where the reduced
security does not pose a risk to the provider.

To have preshared key authentication take place, you must also specify the IKE
policy rule as preshared by entering authentication pre-share in ISAKMP Policy
Configuration mode.

Example
host1(config-ipsec-transport-profile-local)#pre-share-masked AAAAGAAAAAcAAAACZquq4ABieTUBuNBELSY8b/L3CX/RcPX7

There is no no version. To remove a key, use the no pre-share command.

See pre-share-masked.

transform-set

Use to specify the transform set(s) that an IPSec transport connection can use
to negotiate a transform algorithm. Each transform in the set provides a different
combination of data authentication and confidentiality.

To display the available transform sets, issue the transform-set ? command.

Example
host1(config-ipsec-transport-profile)#transform-set esp-3des-hmac-sha
