Add an IPsec Policy
You are here: Configure > Security Services > VPN > IPsec (Phase II).
To add an IPSec policy:
- Click the add icon (+) on the upper right side of the IPSec Policy tab of IKE (Phase II) page.
The Add Policy page appears.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK to save the changes. If you want to discard your changes, click Cancel.
Table 1: Fields on the Add Policy Page
Enter a name of the remote gateway.
Enter a description of the policy to associate it with an IPSec tunnel.
Perfect Forward Secrecy
Displays the method the device uses to generate the encryption key. PFS generates each new encryption key independent of the previous key.
Select a method from the list:
Note: Starting in Junos OS Release 19.1R1, the new DH groups are supported on SRX5000 Series devices with an SPC3 card only after the junos-ike package is installed. To install the junos-ike package from J-Web, navigate to Configure > Security Services > IPsec VPN > Global Settings and click Install.
Specifies that the anti-replay checking feature of IPsec be disabled. By default, anti-replay checking is enabled.
Select Predefined, and select a proposal type from the list:
Specifies a list of proposals previously defined by the user.
Click User Defined, select Proposals from the pop-up menu, and then click Add.
Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined proposal.
Select the P1 proposals from the Available table and use the arrow to move them to the Selected P1 Proposals table.
Note: When this IKE policy is configured for Dynamic VPN, the selected P1 proposal can only have one item for User Defined.
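The Perfect Forward Secrecy and anti-replay settings in Table 1 end up as statements in the device configuration, so they can be checked after the fact. The following Python script is an added example, not part of the original page or of J-Web: it assumes the configuration has been exported in `display set` form and reports IPsec policies with no PFS group and VPNs where anti-replay checking has been disabled. All policy, VPN and gateway names in the sample are constructed.

```python
import re

# Constructed sample in `show configuration security ipsec | display set` form.
SAMPLE_CONFIG = """\
set security ipsec policy branch-pol perfect-forward-secrecy keys group14
set security ipsec policy branch-pol proposal-set standard
set security ipsec policy legacy-pol proposals legacy-prop
set security ipsec vpn branch-vpn ike gateway branch-gw
set security ipsec vpn branch-vpn ike ipsec-policy branch-pol
set security ipsec vpn legacy-vpn ike gateway legacy-gw
set security ipsec vpn legacy-vpn ike ipsec-policy legacy-pol
set security ipsec vpn legacy-vpn ike no-anti-replay
"""

POLICY_RE = re.compile(r"^set security ipsec policy (\S+) (.+)$")
VPN_RE = re.compile(r"^set security ipsec vpn (\S+) ike (.+)$")
PFS_RE = re.compile(r"^perfect-forward-secrecy keys (\S+)$")

def audit_ipsec(config_text):
    """Return (kind, name, issue) tuples for missing PFS and disabled anti-replay."""
    policies = {}  # policy name -> PFS DH group, or None if never set
    vpns = {}      # vpn name -> {"policy": name or None, "no_anti_replay": bool}
    for line in config_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m:
            name, rest = m.groups()
            policies.setdefault(name, None)
            pfs = PFS_RE.match(rest)
            if pfs:
                policies[name] = pfs.group(1)
            continue
        m = VPN_RE.match(line)
        if m:
            name, rest = m.groups()
            vpn = vpns.setdefault(name, {"policy": None, "no_anti_replay": False})
            if rest == "no-anti-replay":
                vpn["no_anti_replay"] = True
            elif rest.startswith("ipsec-policy "):
                vpn["policy"] = rest.split()[1]
    findings = []
    for name in sorted(p for p, group in policies.items() if group is None):
        users = ", ".join(sorted(v for v, d in vpns.items() if d["policy"] == name))
        findings.append(("policy", name, f"PFS not configured (VPNs: {users or 'none'})"))
    for name in sorted(v for v, d in vpns.items() if d["no_anti_replay"]):
        findings.append(("vpn", name, "anti-replay checking disabled"))
    return findings

if __name__ == "__main__":
    for kind, name, issue in audit_ipsec(SAMPLE_CONFIG):
        print(f"{kind} {name}: {issue}")
```
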