general-ikeid
Syntax
general-ikeid;
Hierarchy Level
[edit security ike gateway gateway_name dynamic]
Description
During IKE Phase 1 negotiation, when a negotiation request is received, two identity checks are performed:
- IKE-ID validation from the ID payload.
- Phase 1 authentication by pre-shared key or RSA/DSA certificate.
Configure remote-identity to look up the certificate of the peer for certificate authentication. This remote-identity should match the corresponding field in the SubjectAltName extension of the peer certificate for successful detection of the peer certificate and authentication.
The identity check with the same IKE-ID is repeated, that is, the IKE-ID validation with remote-identity and the certificate authentication. To avoid this, during authentication of the remote peer, use the general-ikeid option under the set security ike gateway gateway_name dynamic hierarchy level to bypass the validation process.
If you enable this option, then during authentication of the remote peer, the device accepts all IKE-ID types, such as hostname, user@hostname, and so on.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 21.1R1