gateway (Security Group VPN Server IKE)
Syntax
gateway gateway-name {
    address ip-address;
    dead-peer-detection {
        always-send;
        interval seconds;
        threshold number;
    }
    dynamic {
        (hostname hostname | inet ip-address | user-at-hostname e-mail-address);
    }
    ike-policy policy-name;
    local-address ip-address;
    local-identity {
        (hostname hostname | inet ip-address | user-at-hostname e-mail-address);
    }
    remote-identity {
        (hostname hostname | inet ip-address | user-at-hostname e-mail-address);
    }
    routing-instance routing-instance;
}
Hierarchy Level
[edit security group-vpn server ike]
Description
Configure an IKE gateway for the group VPN server.
Options
gateway gateway-name—Name of the gateway.
address ip-address—Specify the IP address of the peer.
dead-peer-detection—Enable dead peer detection (DPD) between group server cluster servers.
dynamic—Specify the identifier for the remote gateway with a dynamic IPv4 address. Use this statement to set up a VPN with a gateway that has an unspecified IPv4 address.
    hostname domain-name—Specify a fully qualified domain name.
    inet ip-address—Specify an IPv4 address to identify the dynamic peer.
    user-at-hostname e-mail-address—Specify an e-mail address.
    Configuring mode main for group VPN servers or members is not supported when the remote gateway has a dynamic address and the authentication method is pre-shared-keys.
ike-policy policy-name—Specify the name of the IKE policy.
local-address ip-address—Configure the source IP address the group VPN server uses when communicating with a group member or a root-server. This statement is normally used when there are multiple IP addresses bound to an interface.
local-identity—Specify the local IKE identity to send in the exchange with the destination peer to establish communication. If you do not configure a local-identity, the device uses the IPv4 address corresponding to the local endpoint by default.
    hostname hostname—Specify identity as a fully qualified domain name (FQDN).
    inet ip-address—Specify identity as an IPv4 address.
    user-at-hostname e-mail-address—Specify identity as an e-mail address.
remote-identity—Specify the remote IKE identity of the destination peer. If you do not configure a remote identity, the device uses, by default, the IPv4 address that corresponds to the destination peer.
    hostname hostname—Specify identity as a fully qualified domain name (FQDN).
    inet ip-address—Specify identity as an IPv4 address.
    user-at-hostname e-mail-address—Specify identity as an e-mail address.
routing-instance routing-instance—Configure the routing instance that the group VPN server uses when communicating with a group server. This statement is used when the IKE gateway is not configured in the default routing instance.
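The following filled-in configuration is an added illustration, not taken from the Junos documentation. It uses only the statements described above to define one gateway for a peer server in the cluster (fixed address, DPD, explicit identities, non-default routing instance) and one gateway for a group member with an unspecified IPv4 address. All gateway, policy and routing-instance names, addresses, hostnames and DPD values are constructed placeholders, and the interval and threshold values are assumed to fall within the accepted range.

```junos
security {
    group-vpn {
        server {
            ike {
                /* Peer server in the group server cluster: fixed peer address, DPD enabled. */
                gateway gw-cluster-peer {
                    ike-policy pol-cluster;
                    address 192.0.2.10;
                    dead-peer-detection {
                        always-send;
                        interval 20;
                        threshold 3;
                    }
                    /* Pin the source address because the interface carries several addresses. */
                    local-address 192.0.2.1;
                    /* Explicit identities instead of the default IPv4-address identities. */
                    local-identity {
                        hostname gks1.example.net;
                    }
                    remote-identity {
                        hostname gks2.example.net;
                    }
                    /* The IKE gateway is not in the default routing instance. */
                    routing-instance vr-gvpn;
                }
                /* Group member with an unspecified IPv4 address, identified by FQDN.
                   Per the note under dynamic, pol-members must not combine
                   mode main with pre-shared-keys authentication. */
                gateway gw-member-dyn {
                    ike-policy pol-members;
                    dynamic {
                        hostname member1.example.net;
                    }
                }
            }
        }
    }
}
```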
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.
Support for the Group VPN server added in Junos OS Release 15.1X49-D30 for vSRX Virtual Firewall.