Configuring IKE Activation Time
You can choose the time at which IKE is activated.
To choose the time at which IKE is activated:
- Configure the establish-tunnels value.[edit services ipsec-vpn]user@host set establish-tunnels (immediately | on-traffic | responder-only)
The following describes each option:
immediately—Activate IKE immediately after VPN information is configured and configuration changes are committed.
on-traffic—Activate IKE only when data flows. IKE needs to be negotiated with the peer gateway.
responder-only—Starting in Junos OS Release 18.2R1, only respond to IKE negotiations initiated by the peer gateway. Do not initiate IKE negotiations. This option is required when another vendor’s peer gateway expects the protocol and port values in the traffic selector from the initiating gateway, which the MX Series does not provide.