Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - IP SERVICES CONFIGURATION GUIDE 2010-10-01 Configuration Manual page 175

aggressive-mode
authentication
Copyright © 2010, Juniper Networks, Inc.
host1(config-ike-policy)#
You can then set the following parameters, or use the default settings:
Allow aggressive mode negotiation.
host1(config-ike-policy)#aggressive-mode
Specify the authentication method.
host1(config-ike-policy)#authentication pre-share
Specify the encryption algorithm.
host1(config-ike-policy)#encryption 3des
Assign a Diffie-Hellman group.
host1(config-ike-policy)#group 5
Set the hash algorithm.
host1(config-ike-policy)#hash md5
Specify the lifetime of IKE SAs created using this policy.
host1(config-ike-policy)#lifetime 360
Use to enable aggressive mode negotiation for the tunnel.
If you specify aggressive mode negotiation, the tunnel proposes aggressive mode to
the peer in connections that the policy initiates.
If the peer initiates a negotiation, the tunnel accepts the negotiation if the mode
matches this policy.
Use the accepted keyword to accept aggressive mode when proposed by peers
Use the requested keyword to request aggressive mode when negotiating with peers
Use the required keyword to only request and accept aggressive mode when negotiating
with peers.
Example
host1(config-ike-policy)#aggressive-mode accepted
Use the no version to set the negotiation mode to main mode.
See aggressive-mode.
Use to specify the authentication method the router uses in the IKE policy: preshared
keys or RSA signature.
Example
host1(config-ike-policy)#authentication pre-share
Use the no version to restore the default, preshared keys.
See authentication.
Chapter 5: Configuring IPSec
149