IPSec VPN - Phase 2 problem

[ Edited ]
‎10-10-2019 06:19 AM


I am trying to set up a VPN tunnel btw MX5 and Fortinet device.


Problem is we need to use authentication algorithm SHA256 but when i try to setup vpn rule to use that algorithm i get the next error:


tech@ar2# commit check
[edit services ipsec-vpn rule vpn_rule_ms_0_0_01_new term term11 then dynamic ipsec-policy]
'ipsec-policy ipsec_policy_ms_0_0_0_new'
hmac-sha-256-128 is not supported with ms- interface
error: configuration check-out failed


it seems SHA1-96 works fine, but its not secure enough for this implementation

Is there anyway i can fix this to use that SHA256-128? 


Model: mx5-t
Junos: 13.3R1.8
JUNOS Base OS boot [13.3R1.8]
JUNOS Base OS Software Suite [13.3R1.8]
JUNOS Kernel Software Suite [13.3R1.8]
JUNOS Crypto Software Suite [13.3R1.8]
JUNOS Packet Forwarding Engine Support (MX80) [13.3R1.8]
JUNOS Online Documentation [13.3R1.8]
JUNOS Services Application Level Gateways [13.3R1.8]
JUNOS Services Jflow Container package [13.3R1.8]
JUNOS Services Stateful Firewall [13.3R1.8]
JUNOS Services NAT [13.3R1.8]
JUNOS Services RPM [13.3R1.8]
JUNOS Services Crypto [13.3R1.8]
JUNOS Services SSL [13.3R1.8]
JUNOS Services IPSec [13.3R1.8]
JUNOS Routing Software Suite [13.3R1.8]


Thank you very much for any help.