Configuring an IKE Gateway (Standard and Dynamic VPNs)

When configuring Phase 1 of an IPsec tunnel using IKE, you first configure proposals, then policies, and finally you configure the gateway. The following example-based instructions show how to create the IKE gateway.

When creating the gateway, you must reference the Phase 1 policy. In this example, you create an IKE gateway called ike_gateway_1, reference the policy ike_pol_1, and configure an IP address for the gateway. You configure dead peer detection (DPD) to send a DPD request packet when the device has not received traffic from a peer for 10 seconds, and to consider the peer unavailable after five sequences of waiting 10 seconds and sending a DPD request packet. You also specify ge-0/0/0 as the outgoing interface.

To configure a gateway for an IKE tunnel, use either the J-Web or the CLI configuration editor. (For information about configuring IKE gateways using J-Web Quick Configuration pages, see Configuring an IKE Gateway—Quick Configuration (Standard VPNs)or Configuring an IKE Gateway—Quick Configuration (Dynamic VPNs))

This topic covers:

• J-Web Configuration
• CLI Configuration

J-Web Configuration

To configure an IKE gateway in J-Web:

1. Select Configure>CLI Tools>Point and Click CLI.
2. Next to Security, click Configure or Edit.
3. Next to Ike, click Configure or Edit.
4. Next to Gateway, click Add new entry.
5. In the Gateway name box, type Ike_gateway_1.
6. Next to Dead peer detection, select the check box and click Configure.
7. In the Interval box, type 10.
8. In the Threshold box, type 5 and click OK.
9. In the External interface box, type ge-0/0/0.
10. In the Ike policy box, type ike_pol_1.
11. From the Remote identifier list, select Address.
12. Next to Address, click Add new entry.
13. In the Value box, type 1.1.1.2.
14. To save and commit the configuration, click Commit.

CLI Configuration

To configure an IKE gateway using the CLI editor:

Use the following command to display information about this IKE gateway: