Help Center User GuideGetting Started
User Guide
Getting Started

IPsec VPN Global Settings

You are here: Configure > Security Services > VPN > IPsec VPN.

Use this page to view or add the VPN global configuration details. Click Global settings on the IPsec VPN page.

Field Descriptions

Table 260 describes the fields on the Global Settings page.

Table 260: Fields on the Global Settings Page



IKE - Respond to bad-spi

Enable this option if you want the device to respond to IPsec packets with invalid IPsec Security Parameter Index (SPI) values.

Max Responses

Enter a value from 1 through 30 to respond to invalid SPI values per gateway. The default is 5. This option is available when Response Bad SPI is selected.

IPsec VPN Monitor Options

Enable this option if you want the device to monitor VPN liveliness.

Interval (seconds)

Enter a value from 2 through 3600 seconds after which Internet Control Message Protocol (ICMP) requests are sent to the peer.


Enter a value from 1 through 65,536 to specify the number of consecutive unsuccessful pings before the peer is declared unreachable.

Internal SA Keys

Enter the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.

Note: This option is available only for SRX5000 line of devices, SRX4100, SRX4200, SRX4600 devices, and vSRX.

TCP Encapsulation

Enable this option to support IPsec messages encapsulated within a TCP connection for a remote access client to a remote access gateway on an SRX Series device.

Tunnel tracking

Enable this option to check tunnel status.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support