Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

VPN Global Settings Configuration Page Options

 
  1. Select Configure>IPSec VPN>Global Settings in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

    Or

    Select Configure>Security>IPSec VPN>Global Settings in the J-Web user interface.

    The VPN Global Settings configuration page appears. Table 223 explains the contents of this page.

  2. Click one:

    • Save—Applies changes to the configuration. Enter information as specified in Table 224.

    • Reset—Resets the configuration without saving changes.

Table 223: VPN Global Configuration Options

Field

Function

IKE Global Settings

Response Bad SPI

Displays the response to invalid IPsec SPI values.

Maximum Responses

Displays the number of times to respond to invalid SPI values per gateway.

IPsec Global Settings

VPN Monitor Options

Displays whether or not VPN monitoring options is selected.

Interval

Displays the interval at which ICMP requests are sent to the peer.

Threshold

Displays the number of consecutive unsuccessful pings before the peer is declared unreachable.

Internal SA

Enables secure login and prevents attackers from gaining privileged access through this control port by configuring the internal IPsec security association (SA).

Key (24 bytes)

Specifies the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Table 224: Add VPN Global Configuration Details

Field

Function

Action

IKE Global Settings

Response Bad SPI

Provides response to invalid IPsec security parameter index values. If the SAs between two peers of an IPsec VPN become unsynchronized, the device resets the state of a peer so that the two peers are synchronized.

Select the check box if you want the device to respond to IPsec packets with bad SPI values.

Maximum Responses

Specifies the number of times to respond to invalid SPI values per gateway.

Enter a value from 1 through 30. The default is 5. This option is available when Response Bad SPI is selected.

IPSec Global Settings

VPN Monitor Options

Provides VPN monitoring options.

Select the check box if you want the device to monitor VPN liveliness.

Interval

Specifies the interval at which ICMP requests are sent to the peer.

Enter a value from 1 through 36,000 seconds.

Threshold

Specifies the number of consecutive unsuccessful pings before the peer is declared unreachable.

Enter a value from 1 through 65,536.

Internal SA

Enables secure login and prevents attackers from gaining privileged access through this control port by configuring the internal IPsec security association (SA).

Select the check box to enable Internal SA.

Key (24 bytes)

Specifies the encryption key.

Enter the encryption key. Ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

PowerMode IPSec

Pushes the relevant IPSec configuration required for the device.

Note: Starting in Junos OS Release 19.1R1, PowerMode IPSec (PMI) configuration supports only SRX4100, SRX4200, SRX4600, SRX5000 Series devices with SPC3 card, and vSRX2.0

Select the check box to enable PMI.

Note:

  • By default, PFE service restarts automatically after the commit. The PFE service will not explicitly restart.

  • The J-Web user interface allows you to enable or disable PMI depending on the configuration required for each of the devices.

Release History Table
Release
Description
19.1R1
Starting in Junos OS Release 19.1R1, PowerMode IPSec (PMI) configuration supports only SRX4100, SRX4200, SRX4600, SRX5000 Series devices with SPC3 card, and vSRX2.0