Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
tunnel session-key-outbound
tunnel signaling
tunnel source
146
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-inbound esp-des-hmac-md5 a7bd567917bd5679
bd5678a7bd567917bd567917bd567678
Use the no version to remove inbound session keys from a tunnel.
See tunnel session-key-inbound.
Use to manually configure the authentication or encryption algorithm sets, SPI, and
session keys for outbound SAs on a tunnel. You can enter this command only on tunnels
that have tunnel signaling set to manual.
Use the online Help to see a list of available algorithm sets.
The SPI is a number in the range 256–4294967295 that identifies an SA.
Each key is an arbitrary hexadecimal string. If the algorithm set includes:
DES, create an 8-byte key using 16 hexadecimal characters
3DES, create a 24-byte key using 48 hexadecimal characters
MD5, create a 16-byte key using 32 hexadecimal characters
SHA, create a 20-byte key using 40 hexadecimal characters
Example
host1(config-if)#tunnel session-key-outbound esp-3des-hmac-md5 421
567917bd567917bd567917bd545a17bd567917bd56784a7b
fda183bef567917bd567917bd567917b
Use the no version to remove outbound session keys from a tunnel.
See tunnel session-key-outbound.
Use to set the tunnel type to signaled (ISAKMP) or manual. Specify a keyword:
isakmp—Specifies to use ISAKMP/IKE to negotiate SAs and to establish keys
manual—Specifies that security parameters and keys are configured manually
Example
host1(config-if)#tunnel signaling manual
Use the no version to restore the default value, isakmp.
See tunnel signaling.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
