IPsec VPN Global Settings
You are here: VPN > IPsec VPN.
Use this page to view or add the VPN global configuration details. Click Global settings on the IPsec VPN page.
Field Descriptions
Table 1 describes the fields on the Global Settings page.
Field |
Description |
---|---|
General | |
IKE - Respond to bad-spi |
Enable this option if you want the device to respond to IPsec packets with invalid IPsec Security Parameter Index (SPI) values. |
Max Responses |
Enter a value from 1 through 30 to respond to invalid SPI values per gateway. The default is 5. This option is available when Response Bad SPI is selected. |
IPsec VPN Monitor Options |
Enable this option if you want the device to monitor VPN liveliness. |
Interval (seconds) |
Enter a value from 2 through 3600 seconds after which Internet Control Message Protocol (ICMP) requests are sent to the peer. |
Threshold |
Enter a value from 1 through 65,536 to specify the number of consecutive unsuccessful pings before the peer is declared unreachable. |
Remote Access VPN | |
Default Profile Name |
Select a default profile name from the list. Note:
This option is available when at least one Juniper Secure Connect VPN is created. |
SSL VPN Tunnel tracking |
Enable this option to track Encapsulated Security Payload (ESP) tunnels. |
SSL VPN Profiles |
Lists the SSL VPN profiles. Note:
This option displays associated IPsec VPNs when at least one Juniper Secure Connect VPN is created. To add a new SSL VPN profile:
To edit an SSL termination profile, select the profile you want to edit and click on the pencil icon. To delete an SSL termination profile, select the profile you want to delete and click on the delete icon. |
Internal SA | |
Internal SA Keys |
Enter the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure. Note:
This option is available only for SRX5000 line of devices, SRX4100, SRX4200, SRX4600 devices, and vSRX. |