Junos
Junos

IPSec VPN - Phase 2 problem

[ Edited ]
Thursday

Hello,

I am trying to set up a VPN tunnel btw MX5 and Fortinet device.

 

Problem is we need to use authentication algorithm SHA256 but when i try to setup vpn rule to use that algorithm i get the next error:

 

tech@ar2# commit check
[edit services ipsec-vpn rule vpn_rule_ms_0_0_01_new term term11 then dynamic ipsec-policy]
'ipsec-policy ipsec_policy_ms_0_0_0_new'
hmac-sha-256-128 is not supported with ms- interface
error: configuration check-out failed

 

it seems SHA1-96 works fine, but its not secure enough for this implementation

Is there anyway i can fix this to use that SHA256-128? 

 

Model: mx5-t
Junos: 13.3R1.8
JUNOS Base OS boot [13.3R1.8]
JUNOS Base OS Software Suite [13.3R1.8]
JUNOS Kernel Software Suite [13.3R1.8]
JUNOS Crypto Software Suite [13.3R1.8]
JUNOS Packet Forwarding Engine Support (MX80) [13.3R1.8]
JUNOS Online Documentation [13.3R1.8]
JUNOS Services Application Level Gateways [13.3R1.8]
JUNOS Services Jflow Container package [13.3R1.8]
JUNOS Services Stateful Firewall [13.3R1.8]
JUNOS Services NAT [13.3R1.8]
JUNOS Services RPM [13.3R1.8]
JUNOS Services Crypto [13.3R1.8]
JUNOS Services SSL [13.3R1.8]
JUNOS Services IPSec [13.3R1.8]
JUNOS Routing Software Suite [13.3R1.8]

 

Thank you very much for any help.

 

Ramiro.