ike (Security Group VPN Server)
Syntax
ike {
gateway gateway-name {
address ip-address;
dead-peer-detection {
always-send;
interval seconds;
threshold number;
}
dynamic {
(hostname hostname | inet ip-address | user-at-hostname e-mail-address);
}
ike-policy policy-name;
local-address ip-address;
local-identity {
(hostname hostname | inet ip-address | user-at-hostname e-mail-address);
}
remote-identity {
(hostname hostname | inet ip-address | user-at-hostname e-mail-address);
}
routing-instance routing-instance;
}
policy policy-name {
description description;
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals proposal-name;
}
proposal proposal-name {
authentication-algorithm (sha-256 | sha-384);
authentication-method pre-shared-keys;
description description;
dh-group (group14 | group24);
encryption-algorithm (aes-128-cbc | aes-192-cbc | aes-256-cbc);
}
}
Hierarchy Level
[edit security group-vpn server]
Description
Configure Phase 1 security association (SA) with a member on the group server. The gateway is the group member. Group VPNv2 is supported on SRX300, SRX320, SRX340, SRX345, SRX550HM, SRX1500, SRX4100, SRX4200, and SRX4600 devices and vSRX Virtual Firewall instances.
Options
| gateway gateway-name | Configure IKE gateway for group VPN server. |
| policy policy-name | Configure an IKE policy. |
| proposal proposal-name | Define an IKE proposal. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.