Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
ipsec ike-policy-rule
ipsec key generate
ipsec key pubkey-chain rsa
226
Use to specify in the ISAKMP/IKE policy that the router uses the RSA signature
authentication method for IKE negotiations.
Example
host1(config-ike-policy)#authentication rsa-sig
Use the no version to restore the default authentication method, preshared keys.
See authentication.
Use to access IPSec IKE Policy Configuration mode to define an ISAKMP/IKE policy.
For information about how to use this command, see "ipsec ike-policy-rule" on page 217
.
Example
host1(config)#ipsec ike-policy-rule 2
host1(config-ike-policy)#
Use the no version to remove policies. If you do not include a priority number with the
no version, all policies are removed.
See ipsec ike-policy-rule.
Use to generate a 1024-bit or 2048-bit RSA key pair.
Example
host1(config)#ipsec key generate rsa 2048
Please wait.................................................
..........................
IPsec Generate Keys complete
There is no no version. To remove a key pair, use the ipsec key zeroize command.
See ipsec key generate.
Use to access IPSec Peer Public Key Configuration mode to configure the public key
for a remote peer with which you want to establish IKE SAs.
The ipsec key pubkey-chain rsa command enables you to manually enter the public
key data for the remote peer without having to obtain a digital certificate.
To specify the IP address of the remote peer associated with the public key, use the
address keyword followed by the IP address, in 32-bit dotted decimal format.
To specify the identity of the remote peer associated with the public key, use the name
keyword followed by either:
The fully qualified domain name (FQDN)
The FQDN preceded by an optional user@ specification; this is also referred to as
user FQDN format
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
