Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

IPsec VPN Global Settings

You are here: VPN > IPsec VPN.

Use this page to view or add the VPN global configuration details. Click Global settings on the IPsec VPN page.

Field Descriptions

Table 1 describes the fields on the Global Settings page.

Table 1: Fields on the Global Settings Page

Field

Description

General

IKE - Respond to bad-spi

Enable this option if you want the device to respond to IPsec packets with invalid IPsec Security Parameter Index (SPI) values.

Max Responses

Enter a value from 1 through 30 to respond to invalid SPI values per gateway. The default is 5. This option is available when Response Bad SPI is selected.

IPsec VPN Monitor Options

Enable this option if you want the device to monitor VPN liveliness.

Interval (seconds)

Enter a value from 2 through 3600 seconds after which Internet Control Message Protocol (ICMP) requests are sent to the peer.

Threshold

Enter a value from 1 through 65,536 to specify the number of consecutive unsuccessful pings before the peer is declared unreachable.

Remote Access VPN

Default Profile Name

Select a default profile name from the list.

Note:

This option is available when at least one Juniper Secure Connect VPN is created.

SSL VPN Tunnel tracking

Enable this option to track Encapsulated Security Payload (ESP) tunnels.

SSL VPN Profiles

Lists the SSL VPN profiles.

Note:

This option displays associated IPsec VPNs when at least one Juniper Secure Connect VPN is created.

To add a new SSL VPN profile:

  1. Click +.

    The Add SSL VPN Profile page appears.

  2. Enter the following details:

    • Name—Enter the name for an SSL VPN profile.

    • Logging—Enable this option to log for SSL VPN.

    • SSL Termination Profile—Select an SSL termination profile from the list.

      To add a new SSL termination profile:

      1. Click Add.

        The Create SSL Termination Profile page appears.

      2. Enter the following details:

        • Name—Enter a name for the SSL termination profile.

        • Server Certificate—Select a server certificate from the list.

          To add a certificate, click Add. For more information on adding a device certificate, see Add a Device Certificate.

          To import a certificate, click Import. For more information on importing a device certificate, see Import a Device Certificate.

        • Click OK.

      3. Click OK.

  3. Click OK.

To edit an SSL termination profile, select the profile you want to edit and click on the pencil icon.

To delete an SSL termination profile, select the profile you want to delete and click on the delete icon.

Internal SA

Internal SA Keys

Enter the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Note:

This option is available only for SRX5000 line of devices, SRX4100, SRX4200, SRX4600 devices, and vSRX.