Specifying IPSec Security Association Transforms; Specifying IPSec Security Association PFS and DH Group Parameters - Juniper JunosE 11.2.x IP Services Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

extended-authentication

Specifying IPSec Security Association Transforms

transform

Specifying IPSec Security Association PFS and DH Group Parameters

Copyright © 2010, Juniper Networks, Inc.
Use to specify the extended user authentication protocol for use during the extended
user authentication protocol exchange. This command can also enable or disable the
reauthentication option (a subsequent authentication procedure).
The re-authenticate keyword enables the reauthentication option (a subsequent
authentication procedure).
The skip-peer-config keyword prevents the router from configuring peer IP
characteristics.
Example
host1(config-ipsec-tunnel-profile)#extended-authentication chap
Use the no version to reset the extended authentication to the default protocol, pap.
See extended-authentication.
The transform command specifies the IPSec transforms that IPSec SA negotiations can
use for this profile. The router accepts the first transform proposed by a client that
matches one of the transforms specified by this command. During an IPSec SA exchange
with a client, the router proposes all transforms specified by this command and one is
accepted by the client.
NOTE: You can specify up to six transform algorithms for this profile.
For additional information about transforms and transform sets, see "Configuring IPSec"
on page 119.
Use to specify the eligible transforms for this profile for IPSec security association
negotiations.
Example
host1(config-ipsec-tunnel-profile)#transform ah-hmac-md5
Use the no version to reset the transform to the default, esp-3des-sha1.
See transform.
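The selection rule described for the transform command, modelled as an added example (not Juniper code and not part of the manual): the router accepts the first client proposal that matches the profile, so the client's ordering chooses among whatever the profile allows. The review flags, the treatment of an empty list as the default, and the unlisted transform name are assumptions of this example.

```python
# Added example, not Juniper code: models the rule "accept the first
# client-proposed transform that matches one configured for the profile".
MAX_TRANSFORMS = 6                   # limit stated in the NOTE
DEFAULT_TRANSFORM = "esp-3des-sha1"  # default restored by "no transform"

# Assumed review policy (this example's, not Juniper's): name fragments
# worth a second look before leaving a transform in a profile.
REVIEW_FLAGS = {
    "ah-": "AH only: integrity without encryption",
    "md5": "HMAC-MD5 integrity",
    "3des": "3DES encryption (64-bit block cipher)",
}

def check_profile(transforms):
    """Return the effective list; an empty list is assumed to mean the default."""
    effective = list(transforms) or [DEFAULT_TRANSFORM]
    if len(effective) > MAX_TRANSFORMS:
        raise ValueError(f"a profile allows at most {MAX_TRANSFORMS} transforms")
    return effective

def select_transform(profile_transforms, client_proposals):
    """Return the first client proposal the profile allows, else None."""
    allowed = set(check_profile(profile_transforms))
    for proposal in client_proposals:  # the client's order decides the result
        if proposal in allowed:
            return proposal
    return None

def review_profile(profile_transforms):
    """Map each allowed transform to the review reasons its name triggers."""
    findings = {}
    for name in check_profile(profile_transforms):
        reasons = [why for frag, why in REVIEW_FLAGS.items() if frag in name]
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    profile = ["esp-3des-sha1", "ah-hmac-md5"]  # constructed profile
    # The same profile against two constructed client proposal orders:
    print(select_transform(profile, ["esp-3des-sha1", "ah-hmac-md5"]))
    print(select_transform(profile, ["ah-hmac-md5", "esp-3des-sha1"]))
    # A placeholder name that the profile does not list yields no match:
    print(select_transform(profile, ["example-unlisted-transform"]))
    for name, reasons in review_profile(profile).items():
        print(name, "->", "; ".join(reasons))
```

Every transform left in the profile is one a client can end up with by proposing it first, so the list should contain only transforms that are acceptable on their own.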
The pfs group command specifies the IPSec SA perfect forward secrecy (PFS) option
and Diffie-Hellman prime modulus group that IPSec SA negotiations can use for this
profile.
Chapter 6: Configuring Dynamic IPSec Subscribers
179
