ike (High Availability)
Syntax
ike {
gateway name {
ike-policy policy-name;
version (v1-only | v2-only);
}
policy name {
description description;
pre-shared-key (ascii-text ascii-text | hexadecimal hexadecimal);
proposals [ proposals ... ];
}
proposal name {
authentication-algorithm (md5 | sha-256 | sha-384 | sha-512 | sha1);
authentication-method (dsa-signatures | ecdsa-signatures-256 | ecdsa-signatures-384 | ecdsa-signatures-521 | pre-shared-keys | rsa-signatures);
description description;
dh-group (group1 | group14 | group15 | group16 | group19 | group2 | group20 | group21 | group24 | group5);
encryption-algorithm (aes-256-gcm);
lifetime-seconds seconds;
}
}
Hierarchy Level
[edit security]
Description
Define Internet Key Exchange (IKE) configuration for high availability feature. IKE is a key management protocol that creates dynamic SAs; it negotiates SAs for IPsec. An IKE configuration defines the algorithms and keys used to establish a secure connection with a peer security gateway.
Options
| gateway-name | Name of the gateway. |
| ike-policy | Specify the IKE policy to be used for the gateway. |
| version | Specify the IKE version to use to initiate the connection.
|
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.4R1.