Ike Policies; Priority; Encryption; Hash Function - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual

IKE Policies

An IKE policy defines a combination of security parameters to be used during the IKE SA
negotiation. IKE policies are configured on both security gateway peers, and there must
be at least one policy on the local peer that matches a policy on the remote peer. Failing
that, the two peers are not able to successfully negotiate the IKE SA, and no data flow
is possible.

IKE policies are global to the router. Every ISM on a router uses the same set of policies
when negotiating IKE SAs. The agreed-on IKE SA between the local system and a remote
security gateway may vary, because it depends on the IKE policies used by each remote
peer. However, the initial set of IKE policies the router uses is always the same and
independent of which peer the router is negotiating with.

During negotiation, the router might skip IKE policies that require parameters that are
not configured for the remote security gateway with which the IKE SA is being negotiated.

You can define up to ten IKE policies, with each policy having a different combination of
security parameters. A default IKE policy that contains default values for every policy
parameter is available. This policy is used only when IKE policies are not configured and
IKE is required.

The following sections describe each of the parameters contained in an IKE policy.

Priority

Priority allows better (more secure) policies to be given preference during the negotiation
process. However, every IKE policy is considered secure enough to secure the IKE SA flow.

During IKE negotiation, all policies are scanned, one at a time, starting from the
highest-priority policy and ending with the lowest-priority policy. The first policy that the
peer security gateway accepts is used for that IKE session. This procedure is repeated
for every IKE session that needs to be established.

Encryption

A specific encryption transform can be applied to an IKE policy. The supported encryption
algorithms are:
DES
3DES

Hash Function

A specific hash function can be applied to an IKE policy. The supported ones are:
MD5
SHA-1

IKE also uses an authentication algorithm during IKE exchanges. This authentication
algorithm is automatically set to the HMAC version of the specified hash algorithm.
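
The priority-ordered scan described under Priority, applied to the transforms listed under Encryption and Hash Function, as an added Python model (not JunosE code and not Juniper's implementation). It assumes that a lower priority number is scanned first and that the peer accepts a policy when encryption and hash both match; the other policy parameters are left out, and the policy sets are constructed samples.

```python
from dataclasses import dataclass

MAX_POLICIES = 10                      # limit stated on this page
ENC_RANK = {"des": 0, "3des": 1}       # transforms this page lists, weakest first
HASH_RANK = {"md5": 0, "sha-1": 1}

@dataclass(frozen=True)
class IkePolicy:
    priority: int    # assumption: lower number is scanned first
    encryption: str
    hash_alg: str

    @property
    def auth_alg(self):
        # Authentication is the HMAC version of the configured hash.
        return "hmac-" + self.hash_alg

    def rank(self):
        return (ENC_RANK[self.encryption], HASH_RANK[self.hash_alg])

def negotiate(local, peer):
    """First local policy, in priority order, that the peer also has."""
    if len(local) > MAX_POLICIES:
        raise ValueError("at most ten IKE policies can be defined")
    accepted = {(p.encryption, p.hash_alg) for p in peer}  # assumed match rule
    for policy in sorted(local, key=lambda p: p.priority):
        if (policy.encryption, policy.hash_alg) in accepted:
            return policy
    return None  # no common policy: the IKE SA cannot be negotiated

def misordered(local):
    """(weaker, stronger) pairs where the weaker policy is scanned first."""
    ordered = sorted(local, key=lambda p: p.priority)
    return [(a, b) for i, a in enumerate(ordered) for b in ordered[i + 1:]
            if a.rank() != b.rank()
            and all(x <= y for x, y in zip(a.rank(), b.rank()))]

# Constructed sample policy sets (not taken from any real router).
PEER = [IkePolicy(1, "3des", "sha-1"), IkePolicy(2, "des", "md5")]
WEAK_FIRST = [IkePolicy(1, "des", "md5"), IkePolicy(2, "3des", "sha-1")]
STRONG_FIRST = [IkePolicy(1, "3des", "sha-1"), IkePolicy(2, "des", "md5")]

if __name__ == "__main__":
    for name, local in (("weak first", WEAK_FIRST), ("strong first", STRONG_FIRST)):
        chosen = negotiate(local, PEER)
        print(name, "->", chosen.encryption, chosen.auth_alg,
              "misordered pairs:", len(misordered(local)))
```

With the same peer, the two orderings settle on different transforms, so an audit of a policy set should treat any pair returned by `misordered` as a finding.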
Copyright © 2010, Juniper Networks, Inc.
