mode (Policy)

Syntax

mode (aggressive | main);

Hierarchy Level

[edit security group-vpn member ike policy policy-name][edit security group-vpn server ike policy policy-name][edit security ike policy policy-name ]

Release Information

Statement introduced in Release 8.5 of Junos OS. Support for group-vpn hierarchies added in Junos OS Release 10.2.

Description

Define the mode used for Internet Key Exchange (IKE) Phase 1 negotiations. Use aggressive mode only when you need to initiate an IKE key exchange without ID protection, as when a peer unit has a dynamically assigned IP address. (The main option is not supported on dynamic VPN implementations.)

Options

aggressive—Aggressive mode.
main—Main mode. Main mode is the recommended key-exchange method because it conceals the identities of the parties during the key exchange.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.