Specifying IPSec Security Association Transforms; Specifying IPSec Security Association PFS and DH Group Parameters - Juniper JUNOSe 11.0.x IP Services Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration
JUNOSe 11.0.x IP Services Configuration Guide

Specifying IPSec Security Association Transforms

The transform command specifies the IPSec transforms that IPSec SA negotiations
can use for this profile. The router accepts the first transform proposed by a client
that matches one of the transforms specified by this command. During an IPSec SA
exchange with a client, the router proposes all transforms specified by this command,
and the client accepts one of them.

NOTE: You can specify up to six transform algorithms for this profile.

For additional information about transforms and transform sets, see "Configuring
IPSec" on page 125.

transform

Use to specify the eligible transforms for this profile for IPSec security association
negotiations.
Example
host1(config-ipsec-tunnel-profile)#transform ah-hmac-md5
Use the no version to reset the transform to the default, esp-3des-sha1.
See transform.

Specifying IPSec Security Association PFS and DH Group Parameters

The pfs group command specifies the IPSec SA perfect forward secrecy (PFS) option
and Diffie-Hellman prime modulus group that IPSec SA negotiations can use for this
profile.

NOTE: When the client initiates the IPSec negotiation, the router can accept
Diffie-Hellman prime modulus groups that are higher than those configured.

For additional information about PFS, see "Configuring IPSec" on page 125.

pfs group

Use to configure perfect forward secrecy for connections created with this IPSec
tunnel configuration profile by assigning a Diffie-Hellman prime modulus group.
Example
host1(config-ipsec-tunnel-profile)#pfs group 5
Use the no version to remove PFS from the profile.
See pfs group.
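
The responder-side rules from both sections, modeled in Python as an added example; this is not code from the Juniper manual. It assumes transform names split on hyphens like the two names shown on this page, and that a client DH group lower than the configured one is rejected, which the page implies but does not state.

```python
# Added example, not from the JUNOSe manual. Models the responder rules on this page.
DEFAULT_TRANSFORM = "esp-3des-sha1"   # default named on this page
MAX_TRANSFORMS = 6                    # limit from the NOTE on this page
WEAK = {"md5": "HMAC-MD5 integrity", "des": "single DES", "3des": "3DES (64-bit block)"}


def effective_transforms(configured):
    """Transforms the profile offers; an empty list means the default applies."""
    if len(configured) > MAX_TRANSFORMS:
        raise ValueError("a profile holds at most six transforms")
    return list(configured) or [DEFAULT_TRANSFORM]


def responder_select(configured, client_proposal):
    """Accept the first client-proposed transform that the profile allows."""
    allowed = set(effective_transforms(configured))
    return next((t for t in client_proposal if t in allowed), None)


def responder_accepts_group(configured_group, client_group):
    """Equal or higher client DH group passes; rejecting lower is an assumption."""
    return client_group is not None and client_group >= configured_group


def audit(configured, pfs_group):
    """List weaknesses a client could end up negotiating with this profile."""
    findings = []
    for name in effective_transforms(configured):
        parts = name.split("-")
        if parts[0] == "ah":
            findings.append(f"{name}: AH only, no encryption")
        findings += [f"{name}: {WEAK[p]}" for p in parts if p in WEAK]
    if pfs_group is None:
        findings.append("no pfs group: PFS not configured")
    return findings


if __name__ == "__main__":
    profile = ["esp-3des-sha1", "ah-hmac-md5"]          # constructed profile
    # The client's ordering decides: the weaker entry wins when it is listed first.
    print(responder_select(profile, ["ah-hmac-md5", "esp-3des-sha1"]))
    print(responder_accepts_group(2, 5), responder_accepts_group(5, 2))
    print(audit(profile, None))
```

Because the client's ordering picks the match when the router responds, every transform left in a profile has to be one you are willing to run; the audit output shows what the weakest entry and a missing pfs group expose.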
