Specifying IPSec Security Association Transforms
The
transform
command specifies the IPSec transforms that IPSec SA negotiations
can use for this profile. The router accepts the first transform proposed by a client
that matches one of the transforms specified by this command. During an IPSec SA
exchange with a client, the router proposes all transforms specified by this command
and one is accepted by the client.
NOTE:
You can specify up to six transform algorithms for this profile.
For additional information about transforms and transform sets, see “Configuring
IPSec” on page 125.
transform
■
Use to specify the eligible transforms for this profile for IPSec security association
negotiations.
■
Example
host1(config-ipsec-tunnel-profile)#
transform ah-hmac-md5
■
Use the
no
version to reset the transform to the default, esp-3des-sha1.
■
See transform.
Specifying IPSec Security Association PFS and DH Group Parameters
The
pfs group
command specifies the IPSec SA perfect forward secrecy (PFS) option
and Diffie-Hellman prime modulus group that IPSec SA negotiations can use for this
profile.
NOTE:
When the client initiates the IPSec negotiation, the router can accept
Diffie-Hellman prime modulus groups that are higher than those configured.
For additional information about PFS, see “Configuring IPSec” on page 125.
pfs group
■
Use to configure perfect forward secrecy for connections created with this IPSec
tunnel configuration profile by assigning a Diffie-Hellman prime modulus group.
■
Example
host1(config-ipsec-tunnel-profile)#
pfs group 5
■
Use the
no
version to remove PFS from the profile.
■
See pfs group.
188
■
Configuring IPSec Tunnel Profiles
JUNOSe 11.1.x IP Services Configuration Guide
Summary of Contents for IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Page 6: ...vi...
Page 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Page 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Page 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Page 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Page 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Page 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Page 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Page 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Page 357: ...Part 2 Index Index on page 333 Index 331...
Page 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...