ike (Security)

Syntax

ike {gateway gateway- name {address [( ip-address | hostname )] |dead-peer-detection {always-send;interval seconds ;threshold number ;}dynamic {connections-limit number ;distinguished-name {container container-string ;wildcard wildcard-string ;}hostname domain-name ;ike-user-type (group-ike-id | shared-ike-id);inet ip-address ;user-at-hostname user-at-hostname ;}external-interface external-interface-name ;ike-policy policy-name ;local-identity (hostname hostname | inet ip-address | user-at-hostname e-mail-address | distinguished-name string );nat-keepalive seconds ;no-nat-traversal;xauth {access-profile profile-name ;}}policy policy-name {certificate {local-certificate certificate-id ;peer-certificate-type (pkcs7 | x509-signature);trusted-ca ( ca-index | use-all);}description description ;mode (aggressive | main);pre-shared-key (ascii-text | hexadecimal);proposal-set <basic | compatible | standard>;proposals [proposal-names];}proposal proposal-name {authentication-algorithm (md5 | sha1 | sha-256);authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);description description ;dh-group (group1 | group2 | group5);encryption-algorithm (des-cbc | 3des-cbc | aes-128-cbc | aes-192-cbc | aes-256-cbc);lifetime-seconds seconds ;}respond-bad-spi number ;traceoptions {file {files number ;size maximum-file-size ;}flag {all;certificates;database;general;ike;parse;policy-manager;routing-socket;timer;snmp;}}}

Hierarchy Level

[edit security]

Release Information

Statement modified in Release 8.5 of Junos OS.

Description

Define Internet Key Exchange (IKE) configuration.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.