
Add an IPSec Policy

You are here: Configure > Security Services > IPSec VPN > IKE (Phase II).

Procedure

To add an IPSec policy:

  1. Click the add icon (+) on the upper right side of the IPSec Policy tab of the IKE (Phase II) page.

    The Add Policy page appears.

  2. Complete the configuration according to the guidelines provided in Table 266.
  3. Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 266: Fields on the Add Policy Page

Field

Action

IPSec Policy

Name

Enter a name of the remote gateway.

Description

Enter a description of the policy to associate it with an IPSec tunnel.

Perfect Forward Secrecy

Displays the method the device uses to generate the encryption key. PFS generates each new encryption key independent of the previous key.

Select a method from the list:

  • None.

  • group1—Diffie-Hellman Group 1.

  • group2—Diffie-Hellman Group 2.

  • group5—Diffie-Hellman Group 5.

  • group14—Diffie-Hellman Group 14.

  • group19—Diffie-Hellman Group 19.

  • group20—Diffie-Hellman Group 20.

  • group24—Diffie-Hellman Group 24.

  • group15—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 15 is supported.

  • group16—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 16 is supported.

  • group21—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 21 is supported.

Note: Starting in Junos OS Release 19.1R1, the new DH groups are supported on SRX5000 Series devices with an SPC3 card only after the junos-ike package is installed. To install the junos-ike package from J-Web, navigate to Configure > Security Services > IPsec VPN > Global Settings and click Install.

Proposal

Predefined

Specifies that the anti-replay checking feature of IPsec be disabled. By default, anti-replay checking is enabled.

Select Predefined, and select a proposal type from the list:

  • basic

  • compatible

  • standard

  • prime-128

  • prime-256

  • suiteb-gcm-128

  • suiteb-gcm-256

User defined

Specifies a list of proposals previously defined by the user.

Click User Defined, select Proposals from the pop-up menu, and then click Add.

Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined proposal.

Proposal List

Select the P1 proposals from the Available table and use the arrow to move them to the Selected P1 Proposals table.

Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined.
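
The Perfect Forward Secrecy choice made on this page can be reviewed across many policies from an exported configuration. The following is an added example, not part of the Juniper documentation: it assumes the policies are available as Junos `set security ipsec policy ...` statements, uses a constructed sample configuration with made-up policy names, and treats the 2048-bit minimum for MODP groups as a local baseline you would adjust.

```python
import re

# Diffie-Hellman groups offered on the Add Policy page: (kind, size in bits).
DH_GROUPS = {
    "group1": ("MODP", 768), "group2": ("MODP", 1024), "group5": ("MODP", 1536),
    "group14": ("MODP", 2048), "group15": ("MODP", 3072), "group16": ("MODP", 4096),
    "group19": ("ECP", 256), "group20": ("ECP", 384), "group21": ("ECP", 521),
    "group24": ("MODP", 2048),  # 2048-bit MODP with a 256-bit prime-order subgroup
}
MIN_MODP_BITS = 2048  # assumption: local baseline, not a value from this page

POLICY_RE = re.compile(r"^set security ipsec policy (\S+)(?: (.*))?$")
PFS_RE = re.compile(r"^perfect-forward-secrecy keys (\S+)$")

def audit_pfs(config_text):
    """Return {policy_name: (status, detail)} for each IPsec policy found."""
    selected = {}
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, rest = m.group(1), (m.group(2) or "")
        selected.setdefault(name, None)  # policy seen, PFS not yet known
        pfs = PFS_RE.match(rest)
        if pfs:
            selected[name] = pfs.group(1)
    findings = {}
    for name, group in selected.items():
        if group is None:  # corresponds to "None" in the PFS list
            findings[name] = ("no-pfs", "None selected")
        elif group not in DH_GROUPS:
            findings[name] = ("unknown", group)
        else:
            kind, bits = DH_GROUPS[group]
            weak = kind == "MODP" and bits < MIN_MODP_BITS
            findings[name] = ("weak" if weak else "ok", f"{group}: {bits}-bit {kind}")
    return findings

# Constructed sample configuration (policy names are made up for the example).
SAMPLE = """\
set security ipsec policy branch-a perfect-forward-secrecy keys group2
set security ipsec policy branch-a proposal-set standard
set security ipsec policy branch-b perfect-forward-secrecy keys group19
set security ipsec policy legacy proposal-set compatible
set security ipsec policy dc perfect-forward-secrecy keys group14
"""

if __name__ == "__main__":
    for policy, (status, detail) in audit_pfs(SAMPLE).items():
        print(f"{policy:10} {status:8} {detail}")
```

Policy names containing spaces (quoted in Junos) are not handled by this sketch.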
