See the following sections:

    ike {
        gateway gateway-name;
        idle-time seconds;
        install-interval seconds;
        ipsec-policy ipsec-policy-name;
        no-anti-replay;
        proxy-identity {
            local ipv4-prefix;
            remote ipv4-prefix;
            service service-name;
        }
    }

[edit security ipsec vpn vpn-name]

Statement introduced in Release 8.5 of JUNOS software.
Define an IKE-keyed IPsec VPN.
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.

    ike {
        gateway gateway-name {
            address [(ip-address | hostname)] |
            dead-peer-detection {
                always-send;
                interval seconds;
                threshold number;
            }
            dynamic {
                connections-limit number;
                distinguished-name {
                    container container-string;
                    wildcard wildcard-string;
                }
                hostname domain-name;
                ike-user-type (group-ike-id | shared-ike-id);
                inet ip-address;
                user-at-hostname user-at-hostname;
            }
            external-interface external-interface-name;
            ike-policy policy-name;
            local-identity (hostname hostname | inet ipv4-ip-address |
                user-at-hostname e-mail-address | distinguished-name string);
            nat-keepalive seconds;
            no-nat-traversal;
            xauth {
                access-profile profile-name;
            }
        }
        policy policy-name {
            certificate {
                local-certificate certificate-id;
                peer-certificate-type (pkcs7 | x509-signature);
                trusted-ca (ca-index | use-all);
            }
            description description;
            mode (aggressive | main);
            pre-shared-key (ascii-text | hexadecimal);
            proposal-set <basic | compatible | standard>;
        }
        proposal proposal-name {
            authentication-algorithm (md5 | sha1 | sha-256);
            authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
            description description;
            dh-group (group1 | group2 | group5);
            encryption-algorithm (des-cbc | 3des-cbc | aes-128-cbc | aes-192-cbc
                | aes-256-cbc);
            lifetime-seconds seconds;
        }
        respond-bad-spi number;
        traceoptions {
            file {
                files number;
                size maximum-file-size;
            }
            flag {
                all;
                certificates;
                database;
                general;
                ike;
                parse;
                policy-manager;
                routing-socket;
                timer;
                snmp;
            }
        }
    }

[edit security]

Statement modified in Release 8.5 of JUNOS software.
Define Internet Key Exchange (IKE) configuration.
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
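
Several options in the two `ike` statements above (`des-cbc`, `md5`, `group1`, `mode aggressive`, `no-anti-replay`) weaken a VPN if selected. The following audit script is an added example, not part of the JUNOS documentation: it walks a curly-brace configuration and reports where those settings occur. The sample configuration, its object names (`legacy-p1`, `strong-p1`, `branch`, `branch-vpn`, `branch-gw`) and the function name `audit` are constructed for illustration.

```python
import re

# Settings from the syntax on this page that weaken a VPN, with the reason.
WEAK = {
    ("encryption-algorithm", "des-cbc"): "56-bit DES key; use an aes-*-cbc option",
    ("authentication-algorithm", "md5"): "MD5 is deprecated; use sha-256",
    ("dh-group", "group1"): "768-bit group; use group5, the largest listed",
    ("mode", "aggressive"): "identities are exchanged unencrypted; use main",
    ("no-anti-replay", None): "turns off IPsec replay protection",
}
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

def audit(config):
    """Return (hierarchy, statement, reason) for every weak setting found."""
    findings, path, words = [], [], []
    for tok in TOKEN.findall(config):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{":                      # statement opens a new level
            path.append(" ".join(words))
        elif tok == "}":                    # level closes
            if not path:
                raise ValueError("unbalanced '}' in configuration")
            path.pop()
        elif words:                         # ";" completes a leaf statement
            key = (words[0], words[1] if len(words) > 1 else None)
            if key in WEAK:
                findings.append((" > ".join(path), " ".join(words), WEAK[key]))
        words = []
    return findings

# Constructed sample configuration (not from a real device).
SAMPLE = """
security {
    ike {
        proposal legacy-p1 {
            authentication-algorithm md5;
            dh-group group1;
            encryption-algorithm des-cbc;
        }
        proposal strong-p1 { dh-group group5; encryption-algorithm aes-256-cbc; }
        policy branch { mode aggressive; }
    }
    ipsec { vpn branch-vpn { ike { gateway branch-gw; no-anti-replay; } } }
}
"""
if __name__ == "__main__":
    for where, stmt, why in audit(SAMPLE):
        print(f"[{where}] {stmt}: {why}")
```

The input is expected in the hierarchical brace format, not as a list of `set` commands.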