connections (Host VPN)

Syntax

Hierarchy Level

Description

Configure IPsec connection details. The Internet Key Exchange (IKE) protocol is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs). Each SA describes a specific negotiated set of parameters to protect traffic for a certain time period for an IPsec VPN.

Options

connection-name

Specify the name of the IKE SA connection.

dpd-delay

Specify the Dead Peer Detection delay used on the connection. This is the Interval between sending liveness messages.

Default: 0, which is disabled Dead Peer Dectection.
Range: 0 through 3600

ike-proposal ike-proposal

Specify the algorithms to use in negotiating the IKE SA from among the pre-selected combinations available, which represent the encryption algorithm, integrity algorithm, and Diffie Hellman group.

`3des-sha1-modp1536`	Propose 3des SHA1 and DH group modp1536.
`aes256gcm128-ecp384`	Propose aes256gcm128 and DH group ecp384.
`aes256gcm128-modp3072`	Propose aes256gcm128 and DH group modp3072.
`aes256-sha384-ecp384`	Propose aes256 CBC, sha384 and DH group ecp384.
`aes256-sha384-modp3072`	Propose aes256 CBC, sha384 and DH group modp3072.
[ ]	Propose a set composed from the values permitted.

Default: aes256-sha384-ecp384

local-address

Specify the local endpoint’s IPv4 or IPv6 address.

rekey-time rekey-time

Specify how long in seconds before the IKE SA is rekeyed. Actual rekeying occurs slightly sooner than that specified because of rekey randomization.

Default: 14,400
Range: 60 through 86,400

remote-address

Specify the remote endpoint’s IPv4 or IPv6 address.

The remaining statements are explained separately.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Evolved Release 18.3R1.

ON THIS PAGE