Example: Configuring an IKE Policy (CLI)

When configuring Phase 1 of an IPsec tunnel using IKE, you first configure proposals, then policies, and finally the gateway. The following example-based instructions show how to create the policy portion of the IKE gateway.

During policy configuration, you must set the mode in which the Phase 1 channel will be negotiated, specify the type of key exchange to be used, and reference the Phase 1 proposal. In this example, you create a policy called ike_pol_1, specify that participants exchange proposals in aggressive mode, and reference the proposal called ike_prop_1. You specify that the preshared key be of type ASCII, and enter the key.

Note: When configuring an IKE policy for the dynamic VPN feature, you must set the mode to aggressive. You must also use preshared keys rather than manual keys or certificates.

To configure an IKE policy using the CLI Editor:

user@host# set security ike policy ike_pol_1 mode aggressive
user@host# set security ike policy ike_pol_1 description "new ike policy"
user@host# set security ike policy ike_pol_1 proposals ike_prop_1
user@host# set security ike policy ike_pol_1 pre-shared-key ascii-text "$9$UQiqf36A1RSTzRSreXxDik.Tzn/CuBI"

Use the following command to display information about this IKE policy:

user@host# show security ike policy ike_pol_1
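
The following Python script is an added example, not part of the original documentation or of Junos. It parses set-format IKE policy statements and checks them against the requirements stated above: a mode, a referenced Phase 1 proposal, and, for dynamic VPN, aggressive mode with a preshared key. The function names, the placeholder key, and the second policy ike_pol_2 are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample: this page's commands (key replaced by a placeholder)
# plus a hypothetical second policy, ike_pol_2, that is not from the page.
SAMPLE = """
user@host# set security ike policy ike_pol_1 mode aggressive
user@host# set security ike policy ike_pol_1 description "new ike policy"
user@host# set security ike policy ike_pol_1 proposals ike_prop_1
user@host# set security ike policy ike_pol_1 pre-shared-key ascii-text "<key-placeholder>"
set security ike policy ike_pol_2 mode main
set security ike policy ike_pol_2 proposals ike_prop_1
"""

PREFIX = ["set", "security", "ike", "policy"]
PROMPT = re.compile(r"^\S+@\S+[#>]\s*")  # pasted CLI prompt, e.g. "user@host# "


def parse_ike_policies(text):
    """Return {policy_name: {statement: [arguments]}} from set-format lines."""
    policies = {}
    for raw in text.splitlines():
        tokens = shlex.split(PROMPT.sub("", raw.strip()))
        if len(tokens) < 6 or tokens[:4] != PREFIX:
            continue  # not an IKE policy statement
        name, statement, args = tokens[4], tokens[5], tokens[6:]
        policies.setdefault(name, {}).setdefault(statement, []).extend(args)
    return policies


def check_policy(statements, dynamic_vpn=False):
    """List requirements from the page's text that the policy does not meet."""
    findings = []
    if "mode" not in statements:
        findings.append("mode not set")
    if "proposals" not in statements:
        findings.append("no Phase 1 proposal referenced")
    if dynamic_vpn:
        if statements.get("mode", []) != ["aggressive"]:
            findings.append("dynamic VPN requires mode aggressive")
        if "pre-shared-key" not in statements:
            findings.append("dynamic VPN requires a preshared key")
    return findings


if __name__ == "__main__":
    for name, statements in parse_ike_policies(SAMPLE).items():
        print(name, check_policy(statements, dynamic_vpn=True) or "ok")
```
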
