Help Center Configure Security Services—VPN IPsec (Phase II)

Contents

ContentsHide

J-Web User Guide for SRX Series Devices
- About the Documentation
- Juniper Web Device Manager
  - Getting Started
- Dashboard
  - J-Web Dashboard
    - Dashboard Overview
- Monitor
- Configure
  - Device Settings
    - Configure Basic Settings
    - Configure Chassis Cluster
    - Configure Cluster (HA) Setup
    - Configure PPPoE
    - Configure VPN
    - Configure NAT
  - Setup Wizard
    - Configure Setup Wizard
  - Interfaces—Ports
    - About the Ports Page
    - Add a Logical Interface
    - Edit a Logical Interface
    - Delete Logical Interface
  - Interfaces—Interconnecting Ports
    - About the Interconnecting Ports Page
    - Add a LT Logical Interface
    - Edit a LT Logical Interface
    - Delete Logical Interface
    - Search for Text in an Interconnect Ports Table
  - Interfaces—VLAN
    - About the VLAN Page
    - Add a VLAN
    - Edit a VLAN
    - Delete VLAN
    - Assign an Interface to VLAN
  - Interfaces—Link Aggregation
    - About the Link Aggregation Page
    - Link Aggregation Global Settings
    - Add a Logical Interface to Link Aggregation
    - Add a Link Aggregation
    - Edit an Aggregated Interface
    - Delete Link Aggregation
    - Search for Text in the Link Aggregation Table
  - Network— DHCP Client
    - About the DHCP Client Page
    - Add DHCP Client Information
    - Delete DHCP Client Information
  - Network—DHCP Server
    - About the DHCP Server Page
    - Add a DHCP Pool
    - Edit a DHCP Pool
    - Delete DHCP Pool
    - DHCP Groups Global Settings
    - Add a DHCP Group
    - Edit a DHCP Group
    - Delete DHCP Group
  - Network—Routing Instances
    - About the Routing Instances Page
    - Add a Routing Instance
    - Edit a Routing Instance
    - Delete Routing Instance
  - Network—Static Routing
    - About the Static Routing Page
    - Add a Static Route
    - Edit a Static Route
    - Delete Static Route
  - Network—RIP Routing
    - About the RIP Page
    - Add a RIP Instance
    - Edit a RIP Instance
    - Delete RIP Instance
    - Edit RIP Global Settings
    - Delete RIP Global Settings
  - Network—OSPF Routing
    - About the OSPF Page
    - Add an OSPF
    - Edit an OSPF
    - Delete OSPF
  - Network—BGP Routing
    - About the BGP Page
    - Add a BGP Group
    - Edit a BGP Group
    - Delete a BGP Group
    - Edit Global Information
  - Network—ALG
    - About the ALG Page
  - Network—Forwarding Mode
    - About the Forwarding Mode Page
  - Network—Policies
    - About the Policies Page
    - Global Options
    - Add a Policy
    - Clone a Policy
    - Edit a Policy
    - Delete Policy
    - Test a Policy
  - Network—DS-Lite
    - About the DS-Lite Page
    - Add a DS-Lite
    - Edit a DS-Lite
    - Delete DS-Lite
  - Network—CoS Value Alias
    - About the Value Alias Configuration Page
    - Add a Code Point Alias
    - Edit a Code Point Alias
    - Delete Code Point Alias
  - Network—CoS Forwarding Classes
    - About the Forwarding Classes Page
    - Add a Forwarding Class
    - Edit a Forwarding Class
    - Delete Forwarding Class
  - Network—CoS Classifiers
    - About the Classifiers Page
    - Add a Classifier
    - Edit a Classifier
    - Delete Classifier
  - Network—CoS Rewrite Rules
    - About the Rewrite Rules Page
    - Add a Rewrite Rule
    - Edit a Rewrite Rule
    - Delete Rewrite Rule
  - Network—CoS Schedulers
    - About the Schedulers Page
    - Add a Scheduler
    - Edit a Scheduler
    - Delete Scheduler
  - Network—CoS Scheduler Maps
    - About the Scheduler Maps Page
    - Add a Scheduler Map
    - Edit a Scheduler Map
    - Delete Scheduler Map
  - Network—CoS Drop Profile
    - About the Drop Profile Page
    - Add a Drop Profile
    - Edit a Drop Profile
    - Delete Drop Profile
  - Network—CoS Virtual Channel Groups
    - About the Virtual Channel Groups Page
    - Add a Virtual Channel
    - Edit a Virtual Channel
    - Delete Virtual Channel
  - Network—CoS Assign To Interface
    - About the Assign To Interface Page
    - Edit a Port
    - Add a Logical Interface
    - Edit a Logical Interface
    - Delete Logical Interface
  - User Management
    - About the User Management Page
    - Add an User
    - Edit an User
    - Delete User
  - Users—Access Profile
    - About the Access Profile Page
    - Add an Access Profile
    - Edit an Access Profile
    - Delete an Access Profile
  - Users—Firewall Authentication
    - About the Firewall Authentication Page
  - Users—UAC Settings
    - About the UAC Settings Page
  - Security Objects—Application Tracking
    - About the Application Tracking Page
  - Security Objects—Address Pools
    - About the Address Pools Page
    - Add an Address Pool
    - Edit an Address Pool
    - Delete Address Pool
    - Search for Text in an Address Pools Table
  - Security Services—Policy Rules
    - About the Rules Page
    - Global Options
    - Add a Rule
    - Clone a Rule
    - Edit a Rule
    - Delete Rules
  - Security Services—Policy Objects Zones/Screens
    - About the Zones/Screens Page
    - Add a Zone
    - Edit a Zone
    - Delete Zone
    - Add a Screen
    - Edit a Screen
    - Delete Screen
  - Security Services—Policy Objects Services
    - About the Services Page
    - Add a Custom Application
    - Edit a Custom Application
    - Delete Custom Application
    - Add an Application Group
    - Edit an Application Group
    - Delete Application Group
  - Security Services—Policy Objects Zone Addresses
    - About the Zone Addresses Page
    - Add Zone Addresses
    - Clone Zone Addresses
    - Edit Zone Addresses
    - Delete Zone Addresses
    - Search Text in a Zone Addresses Table
  - Security Services—Policy Objects Global Addresses
    - About the Global Addresses Page
    - Add an Address Book
    - Edit an Address Book
    - Delete Address Book
  - Security Services—Policy Objects Proxy Profiles
    - About the Proxy Profiles Page
    - Add a Proxy Profile
    - Edit a Proxy Profile
    - Delete Proxy Profile
  - Security Services—Policy Objects Schedules
    - About the Schedules Page
    - Add a Schedule
    - Clone a Schedule
    - Edit a Schedule
    - Delete Schedule
    - Search Text in Schedules Table
  - Security Services—IPv4 Firewall Filters
    - About the IPv4 Page
    - Add IPv4 Firewall Filters
  - Security Services—IPv6 Firewall Filters
    - About the IPv6 Page
    - Add IPv6 Firewall Filters
  - Security Services—Firewall Filters—Assign to Interfaces
    - About the Assign to Interfaces Page
  - Security Services—Source NAT
    - About the Source Page
    - Global Settings
    - Add a Source Rule Set
    - Edit a Source Rule Set
    - Delete Source Rule Set
    - Add a Source NAT Pool
    - Edit a Source NAT Pool
    - Delete Source NAT Pool
  - Security Services—Destination NAT
    - About the Destination Page
    - Add a Destination Rule Set
    - Edit a Destination Rule Set
    - Delete Destination Rule Set
    - Add a Destination NAT Pool
    - Edit a Destination NAT Pool
    - Delete Destination NAT Pool
  - Security Services—Static NAT
    - About the Static Page
    - Add a Static Rule Set
    - Edit a Static Rule Set
    - Delete Static Rule Set
  - Security Services—NAT Proxy ARP/ND
    - About the Proxy ARP/ND Page
    - Add a Proxy ARP
    - Edit a Proxy ARP
    - Delete a Proxy ARP
    - Add a Proxy ND
    - Edit a Proxy ND
    - Delete Proxy ND
  - Security Services—App Secure Application Signatures
    - About the Application Signatures Page
    - Global Settings
    - Add Application Signatures
    - Clone Application Signatures
    - Add Application Signatures Group
    - Edit Application Signatures
    - Delete Application Signatures
    - Search Text in an Application Signatures Table
  - Security Services—UTM Default Configuration
    - About the Default Configuration Page
    - Edit a Default Configuration
    - Delete Default Configuration
  - Security Services—UTM Antivirus
    - About the Antivirus Page
    - Add an Antivirus Profile
    - Clone an Antivirus Profile
    - Edit an Antivirus Profile
    - Delete Antivirus Profile
  - Security Services—UTM Web Filtering
    - About the Web Filtering Page
    - Add a Web Filtering Profile
    - Clone a Web Filtering Profile
    - Edit a Web Filtering Profile
    - Delete Web Filtering Profile
  - Security Services—UTM Category Update
    - About the Category Update Page
    - Category Update Settings
    - Download and Install Settings
  - Security Services—UTM Antispam Profiles
    - About the Antispam Page
    - Add an Antispam Profile
    - Clone an Antispam Profile
    - Edit an Antispam Profile
    - Delete Antispam Profile
  - Security Services—UTM Content Filtering
    - About the Content Filtering Page
    - Add a Content Filtering Profile
    - Clone a Content Filtering Profile
    - Edit a Content Filtering Profile
    - Delete Content Filtering Profile
  - Security Services—UTM Custom Objects
    - About the Custom Objects Page
    - Add a MIME Pattern List
    - Add a File Extension List
    - Add a Protocol Command List
    - Add a URL Pattern List
    - Add a URL Category List
    - Add a Custom Message List
    - Clone Custom Objects
    - Edit Custom Objects
    - Delete Custom Objects
  - Security Services—UTM Policy
    - About the Policy Page
    - Add a UTM Policy
    - Clone a UTM Policy
    - Edit a UTM Policy
    - Delete UTM Policy
  - Security Services—IPS Signature Update
    - About the Signature Update Page
    - Download an IPS Signature
    - Install an IPS Signature
    - Check Status of the IPS Signature
    - IPS Signature Download Setting
  - Security Services—IPS Sensor
    - About the Sensor Page
  - Security Services—IPS Policy
    - About the Policy Page
    - IDP Policy Template
    - Check Status of the IDP Policy
    - Add an IDP Policy
    - Clone an IDP Policy
    - Edit an IDP Policy
    - Delete IDP Policy
  - Security Services—Threat Prevention Policies
    - About the Threat Prevention Policies Page
    - Add a Threat Prevention Policy
    - Edit a Threat Prevention Policy
    - Delete Threat Prevention Policy
  - Security Services—IPsec VPN
    - About the IPsec VPN Page
    - IPsec VPN Global Settings
    - Create an IPsec VPN
    - Edit an IPsec VPN
    - Delete an IPsec VPN
  - Security Services—VPN IKE (Phase I)
    - About the IKE (Phase I) Page
    - Add a Gateway
    - Add an IPsec Policy
    - Add a Proposal
    - Edit an IKE (Phase I) Configuration
    - Delete IKE (Phase I) Configuration
  - Security Services—VPN IPsec (Phase II)
    - About the IKE (Phase II) Page
    - Add a VPN
    - Add an IPsec Policy
    - Add a Proposal
    - Edit an IKE (Phase II) Configuration
    - Delete IKE (Phase II) Configuration
  - Security Services—Manual Key VPN
    - About the Manual Key VPN Page
    - Add a Manual Key VPN
    - Edit a Manual Key VPN
    - Delete Manual Key VPN
  - Security Services—Dynamic VPN
    - About the Dynamic VPN Page
    - Global Settings
    - IPsec Template
    - Add a Dynamic VPN
    - Edit a Dynamic VPN
    - Delete Dynamic VPN
  - Security Services—User Firewall Active Directory
    - About the Active Directory Page
  - Security Services—User Firewall Authentication Priority
    - About the Auth Priority Page
  - Security Services—User Firewall Local Authentication
    - About the Local Auth Page
    - Add a Local Auth Entry
    - Delete a Local Auth Entry
  - Security Services—User Firewall Identity Management
    - About the Identity Management Page
    - Add an Identity Management Profile
    - Edit an Identity Management Profile
    - Delete Identity Management Profile
  - Security Services—SSL Initiation Profiles
    - About the SSL Initiation Profile Page
    - Add a SSL Initiation Profile
    - Edit a SSL Initiation Profile
    - Delete SSL Initiation Profile
  - Security Services—SSL Proxy Profiles
    - About the SSL Proxy Page
    - Add a SSL Proxy Profile
    - Clone a SSL Proxy Profile
    - Edit a SSL Proxy Profile
    - Delete SSL Proxy Profile
  - Security Services—ICAP Redirect
    - About the ICAP Redirect Profile Page
    - Add an ICAP Redirect Profile
    - Edit an ICAP Redirect Profile
    - Delete ICAP Redirect Profile
  - Wireless LAN—Settings
    - About the Settings Page
    - Create an Access Point
    - Edit an Access Point
    - Delete Access Point
    - Create an Access Point Radio Settings
    - Edit an Access Point Radio Settings
    - Delete Access Point Radio Settings
  - Multi Tenancy—Logical Systems
    - About the Logical Systems Page
    - Add a Logical System
    - Edit a Logical System
    - Delete Logical System
    - Search Text in Logical Systems Table
  - Multi Tenancy—Resource Profiles
    - About the Resource Profiles Page
    - Global Settings
    - Add a Resource Profile
    - Edit a Resource Profile
    - Delete Resource Profile
  - Multi Tenancy—Tenants
    - About the Tenants Page
    - Add a Tenant
    - Edit a Tenant
    - Delete Tenant
    - Search Text in Tenants Table
- Reports
  - Reports
    - About Reports Page
- Administration
  - Devices
  - License Management
    - Manage Your Licenses
  - Certificate Management
  - Network Monitoring
    - Monitor Chassis Alarm
    - Monitor System Alarm
  - RPM
    - Setup RPM
    - View RPM
  - Tools
  - Sky ATP Enrollment
    - Enroll Your Device with Juniper Sky ATP

ContentsHide

J-Web User Guide for SRX Series Devices
- About the Documentation
- Juniper Web Device Manager
  - Getting Started
- Dashboard
  - J-Web Dashboard
    - Dashboard Overview
- Monitor
- Configure
  - Device Settings
    - Configure Basic Settings
    - Configure Chassis Cluster
    - Configure Cluster (HA) Setup
    - Configure PPPoE
    - Configure VPN
    - Configure NAT
  - Setup Wizard
    - Configure Setup Wizard
  - Interfaces—Ports
    - About the Ports Page
    - Add a Logical Interface
    - Edit a Logical Interface
    - Delete Logical Interface
  - Interfaces—Interconnecting Ports
    - About the Interconnecting Ports Page
    - Add a LT Logical Interface
    - Edit a LT Logical Interface
    - Delete Logical Interface
    - Search for Text in an Interconnect Ports Table
  - Interfaces—VLAN
    - About the VLAN Page
    - Add a VLAN
    - Edit a VLAN
    - Delete VLAN
    - Assign an Interface to VLAN
  - Interfaces—Link Aggregation
    - About the Link Aggregation Page
    - Link Aggregation Global Settings
    - Add a Logical Interface to Link Aggregation
    - Add a Link Aggregation
    - Edit an Aggregated Interface
    - Delete Link Aggregation
    - Search for Text in the Link Aggregation Table
  - Network— DHCP Client
    - About the DHCP Client Page
    - Add DHCP Client Information
    - Delete DHCP Client Information
  - Network—DHCP Server
    - About the DHCP Server Page
    - Add a DHCP Pool
    - Edit a DHCP Pool
    - Delete DHCP Pool
    - DHCP Groups Global Settings
    - Add a DHCP Group
    - Edit a DHCP Group
    - Delete DHCP Group
  - Network—Routing Instances
    - About the Routing Instances Page
    - Add a Routing Instance
    - Edit a Routing Instance
    - Delete Routing Instance
  - Network—Static Routing
    - About the Static Routing Page
    - Add a Static Route
    - Edit a Static Route
    - Delete Static Route
  - Network—RIP Routing
    - About the RIP Page
    - Add a RIP Instance
    - Edit a RIP Instance
    - Delete RIP Instance
    - Edit RIP Global Settings
    - Delete RIP Global Settings
  - Network—OSPF Routing
    - About the OSPF Page
    - Add an OSPF
    - Edit an OSPF
    - Delete OSPF
  - Network—BGP Routing
    - About the BGP Page
    - Add a BGP Group
    - Edit a BGP Group
    - Delete a BGP Group
    - Edit Global Information
  - Network—ALG
    - About the ALG Page
  - Network—Forwarding Mode
    - About the Forwarding Mode Page
  - Network—Policies
    - About the Policies Page
    - Global Options
    - Add a Policy
    - Clone a Policy
    - Edit a Policy
    - Delete Policy
    - Test a Policy
  - Network—DS-Lite
    - About the DS-Lite Page
    - Add a DS-Lite
    - Edit a DS-Lite
    - Delete DS-Lite
  - Network—CoS Value Alias
    - About the Value Alias Configuration Page
    - Add a Code Point Alias
    - Edit a Code Point Alias
    - Delete Code Point Alias
  - Network—CoS Forwarding Classes
    - About the Forwarding Classes Page
    - Add a Forwarding Class
    - Edit a Forwarding Class
    - Delete Forwarding Class
  - Network—CoS Classifiers
    - About the Classifiers Page
    - Add a Classifier
    - Edit a Classifier
    - Delete Classifier
  - Network—CoS Rewrite Rules
    - About the Rewrite Rules Page
    - Add a Rewrite Rule
    - Edit a Rewrite Rule
    - Delete Rewrite Rule
  - Network—CoS Schedulers
    - About the Schedulers Page
    - Add a Scheduler
    - Edit a Scheduler
    - Delete Scheduler
  - Network—CoS Scheduler Maps
    - About the Scheduler Maps Page
    - Add a Scheduler Map
    - Edit a Scheduler Map
    - Delete Scheduler Map
  - Network—CoS Drop Profile
    - About the Drop Profile Page
    - Add a Drop Profile
    - Edit a Drop Profile
    - Delete Drop Profile
  - Network—CoS Virtual Channel Groups
    - About the Virtual Channel Groups Page
    - Add a Virtual Channel
    - Edit a Virtual Channel
    - Delete Virtual Channel
  - Network—CoS Assign To Interface
    - About the Assign To Interface Page
    - Edit a Port
    - Add a Logical Interface
    - Edit a Logical Interface
    - Delete Logical Interface
  - User Management
    - About the User Management Page
    - Add an User
    - Edit an User
    - Delete User
  - Users—Access Profile
    - About the Access Profile Page
    - Add an Access Profile
    - Edit an Access Profile
    - Delete an Access Profile
  - Users—Firewall Authentication
    - About the Firewall Authentication Page
  - Users—UAC Settings
    - About the UAC Settings Page
  - Security Objects—Application Tracking
    - About the Application Tracking Page
  - Security Objects—Address Pools
    - About the Address Pools Page
    - Add an Address Pool
    - Edit an Address Pool
    - Delete Address Pool
    - Search for Text in an Address Pools Table
  - Security Services—Policy Rules
    - About the Rules Page
    - Global Options
    - Add a Rule
    - Clone a Rule
    - Edit a Rule
    - Delete Rules
  - Security Services—Policy Objects Zones/Screens
    - About the Zones/Screens Page
    - Add a Zone
    - Edit a Zone
    - Delete Zone
    - Add a Screen
    - Edit a Screen
    - Delete Screen
  - Security Services—Policy Objects Services
    - About the Services Page
    - Add a Custom Application
    - Edit a Custom Application
    - Delete Custom Application
    - Add an Application Group
    - Edit an Application Group
    - Delete Application Group
  - Security Services—Policy Objects Zone Addresses
    - About the Zone Addresses Page
    - Add Zone Addresses
    - Clone Zone Addresses
    - Edit Zone Addresses
    - Delete Zone Addresses
    - Search Text in a Zone Addresses Table
  - Security Services—Policy Objects Global Addresses
    - About the Global Addresses Page
    - Add an Address Book
    - Edit an Address Book
    - Delete Address Book
  - Security Services—Policy Objects Proxy Profiles
    - About the Proxy Profiles Page
    - Add a Proxy Profile
    - Edit a Proxy Profile
    - Delete Proxy Profile
  - Security Services—Policy Objects Schedules
    - About the Schedules Page
    - Add a Schedule
    - Clone a Schedule
    - Edit a Schedule
    - Delete Schedule
    - Search Text in Schedules Table
  - Security Services—IPv4 Firewall Filters
    - About the IPv4 Page
    - Add IPv4 Firewall Filters
  - Security Services—IPv6 Firewall Filters
    - About the IPv6 Page
    - Add IPv6 Firewall Filters
  - Security Services—Firewall Filters—Assign to Interfaces
    - About the Assign to Interfaces Page
  - Security Services—Source NAT
    - About the Source Page
    - Global Settings
    - Add a Source Rule Set
    - Edit a Source Rule Set
    - Delete Source Rule Set
    - Add a Source NAT Pool
    - Edit a Source NAT Pool
    - Delete Source NAT Pool
  - Security Services—Destination NAT
    - About the Destination Page
    - Add a Destination Rule Set
    - Edit a Destination Rule Set
    - Delete Destination Rule Set
    - Add a Destination NAT Pool
    - Edit a Destination NAT Pool
    - Delete Destination NAT Pool
  - Security Services—Static NAT
    - About the Static Page
    - Add a Static Rule Set
    - Edit a Static Rule Set
    - Delete Static Rule Set
  - Security Services—NAT Proxy ARP/ND
    - About the Proxy ARP/ND Page
    - Add a Proxy ARP
    - Edit a Proxy ARP
    - Delete a Proxy ARP
    - Add a Proxy ND
    - Edit a Proxy ND
    - Delete Proxy ND
  - Security Services—App Secure Application Signatures
    - About the Application Signatures Page
    - Global Settings
    - Add Application Signatures
    - Clone Application Signatures
    - Add Application Signatures Group
    - Edit Application Signatures
    - Delete Application Signatures
    - Search Text in an Application Signatures Table
  - Security Services—UTM Default Configuration
    - About the Default Configuration Page
    - Edit a Default Configuration
    - Delete Default Configuration
  - Security Services—UTM Antivirus
    - About the Antivirus Page
    - Add an Antivirus Profile
    - Clone an Antivirus Profile
    - Edit an Antivirus Profile
    - Delete Antivirus Profile
  - Security Services—UTM Web Filtering
    - About the Web Filtering Page
    - Add a Web Filtering Profile
    - Clone a Web Filtering Profile
    - Edit a Web Filtering Profile
    - Delete Web Filtering Profile
  - Security Services—UTM Category Update
    - About the Category Update Page
    - Category Update Settings
    - Download and Install Settings
  - Security Services—UTM Antispam Profiles
    - About the Antispam Page
    - Add an Antispam Profile
    - Clone an Antispam Profile
    - Edit an Antispam Profile
    - Delete Antispam Profile
  - Security Services—UTM Content Filtering
    - About the Content Filtering Page
    - Add a Content Filtering Profile
    - Clone a Content Filtering Profile
    - Edit a Content Filtering Profile
    - Delete Content Filtering Profile
  - Security Services—UTM Custom Objects
    - About the Custom Objects Page
    - Add a MIME Pattern List
    - Add a File Extension List
    - Add a Protocol Command List
    - Add a URL Pattern List
    - Add a URL Category List
    - Add a Custom Message List
    - Clone Custom Objects
    - Edit Custom Objects
    - Delete Custom Objects
  - Security Services—UTM Policy
    - About the Policy Page
    - Add a UTM Policy
    - Clone a UTM Policy
    - Edit a UTM Policy
    - Delete UTM Policy
  - Security Services—IPS Signature Update
    - About the Signature Update Page
    - Download an IPS Signature
    - Install an IPS Signature
    - Check Status of the IPS Signature
    - IPS Signature Download Setting
  - Security Services—IPS Sensor
    - About the Sensor Page
  - Security Services—IPS Policy
    - About the Policy Page
    - IDP Policy Template
    - Check Status of the IDP Policy
    - Add an IDP Policy
    - Clone an IDP Policy
    - Edit an IDP Policy
    - Delete IDP Policy
  - Security Services—Threat Prevention Policies
    - About the Threat Prevention Policies Page
    - Add a Threat Prevention Policy
    - Edit a Threat Prevention Policy
    - Delete Threat Prevention Policy
  - Security Services—IPsec VPN
    - About the IPsec VPN Page
    - IPsec VPN Global Settings
    - Create an IPsec VPN
    - Edit an IPsec VPN
    - Delete an IPsec VPN
  - Security Services—VPN IKE (Phase I)
    - About the IKE (Phase I) Page
    - Add a Gateway
    - Add an IPsec Policy
    - Add a Proposal
    - Edit an IKE (Phase I) Configuration
    - Delete IKE (Phase I) Configuration
  - Security Services—VPN IPsec (Phase II)
    - About the IKE (Phase II) Page
    - Add a VPN
    - Add an IPsec Policy
    - Add a Proposal
    - Edit an IKE (Phase II) Configuration
    - Delete IKE (Phase II) Configuration
  - Security Services—Manual Key VPN
    - About the Manual Key VPN Page
    - Add a Manual Key VPN
    - Edit a Manual Key VPN
    - Delete Manual Key VPN
  - Security Services—Dynamic VPN
    - About the Dynamic VPN Page
    - Global Settings
    - IPsec Template
    - Add a Dynamic VPN
    - Edit a Dynamic VPN
    - Delete Dynamic VPN
  - Security Services—User Firewall Active Directory
    - About the Active Directory Page
  - Security Services—User Firewall Authentication Priority
    - About the Auth Priority Page
  - Security Services—User Firewall Local Authentication
    - About the Local Auth Page
    - Add a Local Auth Entry
    - Delete a Local Auth Entry
  - Security Services—User Firewall Identity Management
    - About the Identity Management Page
    - Add an Identity Management Profile
    - Edit an Identity Management Profile
    - Delete Identity Management Profile
  - Security Services—SSL Initiation Profiles
    - About the SSL Initiation Profile Page
    - Add a SSL Initiation Profile
    - Edit a SSL Initiation Profile
    - Delete SSL Initiation Profile
  - Security Services—SSL Proxy Profiles
    - About the SSL Proxy Page
    - Add a SSL Proxy Profile
    - Clone a SSL Proxy Profile
    - Edit a SSL Proxy Profile
    - Delete SSL Proxy Profile
  - Security Services—ICAP Redirect
    - About the ICAP Redirect Profile Page
    - Add an ICAP Redirect Profile
    - Edit an ICAP Redirect Profile
    - Delete ICAP Redirect Profile
  - Wireless LAN—Settings
    - About the Settings Page
    - Create an Access Point
    - Edit an Access Point
    - Delete Access Point
    - Create an Access Point Radio Settings
    - Edit an Access Point Radio Settings
    - Delete Access Point Radio Settings
  - Multi Tenancy—Logical Systems
    - About the Logical Systems Page
    - Add a Logical System
    - Edit a Logical System
    - Delete Logical System
    - Search Text in Logical Systems Table
  - Multi Tenancy—Resource Profiles
    - About the Resource Profiles Page
    - Global Settings
    - Add a Resource Profile
    - Edit a Resource Profile
    - Delete Resource Profile
  - Multi Tenancy—Tenants
    - About the Tenants Page
    - Add a Tenant
    - Edit a Tenant
    - Delete Tenant
    - Search Text in Tenants Table
- Reports
  - Reports
    - About Reports Page
- Administration
  - Devices
  - License Management
    - Manage Your Licenses
  - Certificate Management
  - Network Monitoring
    - Monitor Chassis Alarm
    - Monitor System Alarm
  - RPM
    - Setup RPM
    - View RPM
  - Tools
  - Sky ATP Enrollment
    - Enroll Your Device with Juniper Sky ATP

Add an IPsec Policy

You are here: Configure > Security Services > VPN > IPsec (Phase II).

Procedure

To add an IPSec policy:

Click the add icon (+) on the upper right side of the IPSec Policy tab of IKE (Phase II) page.
The Add Policy page appears.
Complete the configuration according to the guidelines provided in Table 273.
Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 273: Fields on the Add Policy Page

Field	Action
IPSec Policy
Name	Enter a name of the remote gateway.
Description	Enter a description of the policy to associate it with an IPSec tunnel.
Perfect Forward Secrecy	Displays the method the device uses to generate the encryption key. PFS generates each new encryption key independent of the previous key. Select a method from the list: None. group1—Diffie-Hellman Group 1. group2—Diffie-Hellman Group 2. group5—Diffie-Hellman Group 5. group14—Diffie-Hellman Group 14. group19—Diffie-Hellman Group 19. group20—Diffie-Hellman Group 20. group24—Diffie-Hellman Group 24. group15—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 15 is supported. group16—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 16 is supported. group21—Starting in Junos OS Release 19.1R1, Diffie-Hellman Group 21 is supported. Note: Starting in Junos OS Release 19.1R1, the new DH-Groups supports SRX5000 Series devices with SPC3 card upon installation of junos-ike package only. To install junos-ike package from J-Web, navigate to Configure > Security Services > IPsec VPN > Global Settings and click Install.
Proposal
Predefined	Specifies that the anti-replay checking feature of IPsec be disabled. By default, anti-replay checking is enabled. Select Predefined, and select a proposal type from the list: basic compatible standard prime-128 prime-256 suiteb-gcm-128 suiteb-gcm-256
User defined	Specifies a list of proposals previously defined by the user. Click User Defined, select Proposals from the pop-up menu, and then click Add. Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined proposal.
Proposal List	Select the P1 Proposals from the Available table and by using the arrow move it to the Selected P1 Proposals table. Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined.

Related Documentation

Help us to improve. Rate this article.

Feedback Received. Thank You!

Previous

Next

Related Topics

Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

Rating by you:

X