You can optionally specify local identifiers for use in IKE phase 1 negotiation. If the local-id statement is omitted, the local gateway address is used.
To specify one or more local IDs, include the local-id statement at the [edit services ipsec-vpn ike policy policy-name] hierarchy level:
-
local-id {
- ipv4_addr [ values ];
- ipv6_addr [ values ];
- key_id [ values ];
- }
You can also specify remote gateway identifiers for which the IKE policy is used. The remote gateway address in which this policy is defined is added by default.
To specify one or more remote IDs, include the remote-id statement at the [edit services ipsec-vpn ike policy policy-name] hierarchy level:
-
remote-id {
- any-remote-id;
- ipv4_addr [ values ];
- ipv6_addr [ values ];
- key_id [ values ];
- }
The any-remote-id option allows any remote address to connect. This option is supported only in dynamic endpoints configurations and cannot be configured along with specific values. For more information about dynamic endpoint configurations, see Configuring Dynamic Endpoints.