IPsec VPN Global Settings
You are here: VPN > IPsec VPN.
Use this page to view or add the VPN global configuration details. Click Global settings on the IPsec VPN page.
Table 1 describes the fields on the Global Settings page.
Table 1: Fields on the Global Settings Page
IKE - Respond to bad-spi
Enable this option if you want the device to respond to IPsec packets with invalid IPsec Security Parameter Index (SPI) values.
Enter a value from 1 through 30 to respond to invalid SPI values per gateway. The default is 5. This option is available when Response Bad SPI is selected.
IPsec VPN Monitor Options
Enable this option if you want the device to monitor VPN liveliness.
Enter a value from 2 through 3600 seconds after which Internet Control Message Protocol (ICMP) requests are sent to the peer.
Enter a value from 1 through 65,536 to specify the number of consecutive unsuccessful pings before the peer is declared unreachable.
|Remote Access VPN|
Default Profile Name
Select a default profile name from the list.
Note: This option is available when at least one Juniper Secure Connect VPN is created.
SSL VPN Tunnel tracking
Enable this option to track Encapsulated Security Payload (ESP) tunnels.
SSL VPN Profiles
Lists the SSL VPN profiles.
Note: This option displays associated IPsec VPNs when at least one remote access VPN is created.
To add a new SSL VPN profile:
To edit a SSL termination profile, select the profile you want to edit and click on the pencil icon.
To delete a SSL termination profile, select the profile you want to delete and click on the delete icon.
Internal SA Keys
Enter the encryption key. You must ensure that the manual encryption key is in ASCII text and 24 characters long; otherwise, the configuration will result in a commit failure.
Note: This option is available only for SRX5000 line of devices, SRX4100, SRX4200, SRX4600 devices, and vSRX.