Example: Configuring an IKE Gateway (CLI)

When configuring Phase 1 of an IPsec tunnel using IKE, you first configure proposals, then policies, and finally the gateway. The following example-based instructions show how to create the IKE gateway.

When creating the gateway, you must reference the Phase 1 policy. In this example, you create an IKE gateway called ike_gateway_1, reference the policy ike_pol_1, and configure an IP address for the gateway. You configure dead peer detection (DPD) to send a DPD request packet when the device has not received traffic from a peer for 10 seconds, and to consider the peer unavailable after five sequences of waiting 10 seconds and sending a DPD request packet. You also specify ge-0/0/0 as the outgoing interface.

To configure an IKE gateway using the CLI editor:

user@host# set security ike gateway ike_gateway_1 ike-policy ike_pol_1user@host# set security ike gateway ike_gateway_1 address 1.1.1.2user@host# set security ike gateway ike_gateway_1 dead-peer-detection interval 10user@host# set security ike gateway ike_gateway_1 dead-peer-detection threshold 5user@host# set security ike gateway ike_gateway_1 external-interface ge-0/0/0

Use the following command to display information about this IKE gateway:

user@host# show security ike gateway ike_gateway_1

Related Topics