blocklists (Security IKE)
Syntax
blocklists {
    blocklist-name {
        description text-description;
        rule rule-name {
            match {
                role (initiator | responder);
                id-type (inet | inet6 | hostname | distinguished-name | user-at-hostname | key-id);
                id-pattern value;
            }
            then {
                (discard | reject);
                backoff timeout-value;
            }
        }
    }
}
Hierarchy Level
[edit security ike]
Description
Defines the remote peer IKE identity blocklist(s) configuration.
In the configuration hierarchy, you can configure different blocklists for blocking IKE IDs during the authentication phase of IKE SA negotiation. Once you configure the blocklists, you can use a blocklist in the corresponding IKE policy at the [edit security ike policy policy-name blocklist blocklist-name] hierarchy level.
Options
blocklists blocklist-name
    Specify the blocklist name.
rule rule-name
    Specify the rule name.
description text-description
    (Optional) Specify the text description.
match
    Match criteria.
    id-type (inet | inet6 | hostname | distinguished-name | user-at-hostname | key-id)
        Specify the remote peer IKE identity type with one of the following:
    id-pattern value
        Specify a valid remote peer IKE identity value based on the
    role (initiator | responder)
        Specify the remote peer role as the
then
    Action for the match criteria.
    discard
        Discard the peer connection immediately without sending back a response.
    reject
        Discard the connection immediately and send back a failure response.
    backoff timeout-value
        (Optional) Discard the connection immediately and set a backoff timer. If you do not configure the option explicitly, the
For other statements, see CLI Explorer.
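An example configuration, added here and not taken from the Juniper page: it defines one blocklist with two rules and then attaches it to an IKE policy at the [edit security ike policy policy-name blocklist blocklist-name] hierarchy level. The blocklist, rule and policy names, the peer identities and the backoff value are constructed; the id-pattern values are assumed to be exact identities of the configured id-type, and the unit of the backoff value is not stated on this page.

```junos
# Added example, not from the Juniper documentation page. Names (block-rogue-peers,
# deny-untrusted-host, deny-bad-ip, ike-pol-branch), peer identities and the backoff
# value are constructed. id-pattern values are assumed to be exact identities of the
# configured id-type; the backoff unit is not stated on this page.

# 1. Define the blocklist under [edit security ike blocklists].
set security ike blocklists block-rogue-peers description "Peers denied during IKE authentication"

# Rule 1: a remote peer acting as initiator and presenting a known-bad hostname identity.
#   'discard' drops the connection without any response, so the peer learns nothing
#   about why its negotiation failed.
set security ike blocklists block-rogue-peers rule deny-untrusted-host match role initiator
set security ike blocklists block-rogue-peers rule deny-untrusted-host match id-type hostname
set security ike blocklists block-rogue-peers rule deny-untrusted-host match id-pattern rogue-vpn.example.net
set security ike blocklists block-rogue-peers rule deny-untrusted-host then discard

# Rule 2: an IPv4 (inet) identity. 'reject' also drops the connection but returns a
#   failure response, which suits a managed peer that should log the refusal.
#   'backoff' additionally starts a backoff timer (value constructed; unit not on this page).
set security ike blocklists block-rogue-peers rule deny-bad-ip match role initiator
set security ike blocklists block-rogue-peers rule deny-bad-ip match id-type inet
set security ike blocklists block-rogue-peers rule deny-bad-ip match id-pattern 192.0.2.10
set security ike blocklists block-rogue-peers rule deny-bad-ip then reject
set security ike blocklists block-rogue-peers rule deny-bad-ip then backoff 60

# 2. Reference the blocklist from the IKE policy whose peers should be screened.
set security ike policy ike-pol-branch blocklist block-rogue-peers
```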
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
blocklists statement introduced in Junos OS Release 23.4R1.