Ike Policies; Priority; Table 13: Initiator Proposals And Policy Rules - Juniper JUNOSE 11.0.X IP SERVICES Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

JUNOSe 11.0.x IP Services Configuration Guide

Table 13: Initiator Proposals and Policy Rules

The router responds to phase 1 negotiations with the highest-priority policy rule that
matches the initiator. A match means that all parameters, including the exchange
type, match.

IKE Policies

An IKE policy defines a combination of security parameters to be used during the
IKE SA negotiation. IKE policies are configured on both security gateway peers, and
there must be at least one policy on the local peer that matches a policy on the
remote peer. Failing that, the two peers are not able to successfully negotiate the
IKE SA, and no data flow is possible.

IKE policies are global to the router. Every ISM on a router uses the same set of
policies when negotiating IKE SAs. The agreed-on IKE SA between the local system
and a remote security gateway may vary, because it depends on the IKE policies
used by each remote peer. However, the initial set of IKE policies the router uses is
always the same and independent of which peer the router is negotiating with.

During negotiation, the router might skip IKE policies that require parameters that
are not configured for the remote security gateway with which the IKE SA is being
negotiated.

You can define up to ten IKE policies, with each policy having a different combination
of security parameters. A default IKE policy that contains default values for every
policy parameter is available. This policy is used only when IKE policies are not
configured and IKE is required.

The following sections describe each of the parameters contained in an IKE policy.

Priority

Priority allows better (more secure) policies to be given preference during the
negotiation process. However, every IKE policy is considered secure enough to secure
the IKE SA flow.

During IKE negotiation, all policies are scanned, one at a time, starting from the
highest-priority policy and ending with the lowest-priority policy. The first policy that
| Aggressive Mode Setting | Initiator Requests (First Time) | Initiator Requests (Rekeyed) | Responder Policy Rule |
|---|---|---|---|
| Accepted | Main mode | Follows First Time | Aggressive or Main modes (follows initiator) |
| Requested | Aggressive mode | Follows First Time | Aggressive or Main modes (follows initiator) |
| Required | Aggressive mode | Aggressive Mode | Aggressive mode |
| None | Main mode | Main Mode | Main mode |
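
The responder-side selection described by Table 13 and the Priority section, modelled as an added example (this is not code from the Juniper manual or from JUNOSe). It assumes that a lower priority number means higher priority; the parameter field names and the sample policy values are constructed for illustration.

```python
from dataclasses import dataclass

# Responder Policy Rule column of Table 13: the exchange types each
# aggressive-mode setting allows the responder to match.
RESPONDER_ACCEPTS = {
    "accepted": {"main", "aggressive"},   # follows initiator
    "requested": {"main", "aggressive"},  # follows initiator
    "required": {"aggressive"},
    "none": {"main"},
}

@dataclass(frozen=True)
class Proposal:
    """Phase 1 parameters; field names are assumptions for this example."""
    encryption: str
    hash_alg: str
    dh_group: int
    auth: str

@dataclass(frozen=True)
class PolicyRule:
    priority: int         # assumption: lower number = higher priority
    params: Proposal
    aggressive_mode: str  # accepted | requested | required | none

def select_policy(rules, offered, exchange_type):
    """Scan rules from highest to lowest priority and return the first one
    whose parameters AND exchange type match the initiator, else None."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.params not in offered:
            continue  # security parameters do not match any offered set
        if exchange_type in RESPONDER_ACCEPTS[rule.aggressive_mode]:
            return rule
    return None  # no match: the IKE SA cannot be negotiated

# Constructed sample policy set (illustrative values, not from the manual).
STRONG = Proposal("aes-256", "sha2-256", 14, "rsa-sig")
LEGACY = Proposal("3des", "sha1", 2, "pre-share")
RULES = [
    PolicyRule(10, STRONG, "none"),      # main mode only
    PolicyRule(20, STRONG, "accepted"),  # either mode, follows initiator
    PolicyRule(30, LEGACY, "required"),  # aggressive mode only
]

if __name__ == "__main__":
    for mode in ("main", "aggressive"):
        hit = select_policy(RULES, [LEGACY, STRONG], mode)
        print(mode, "->", hit.priority if hit else "no matching policy")
```

Running the same offers against a copy of the router's rule set shows which rule a given peer would actually land on, which is useful when checking that a lower-priority rule is not the only one a peer can match.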
