You can use J-Web Quick Configuration to quickly configure an IKE Gateway.
Before You Begin |
---|
For background information, read: |
Figure 28 shows the Quick Configuration page where you can select an existing gateway, or click Add to create a new one.
Figure 28: IKE Gateway Quick Configuration Page – Adding a Gateway
Figure 29 shows the Quick Configuration page where you create a new IKE gateway.
Figure 29: IKE Gateway Quick Configuration Page – Configuring a Gateway
To configure an IKE gateway with Quick Configuration:
Note: The list of IKE gateways displayed on this page includes both standard VPN gateways and dynamic VPN gateways.
Table 189: IKE Gateway Options

Field | Function | Action |
---|---|---|
IKE Gateway | ||
Name | Name to identify the IKE gateway. | Enter a name. |
IKE Policy | IKE policy to associate with the IKE gateway. An IKE policy specifies the type of preshared key to use during Phase 1 negotiations as well as which Phase 1 proposal(s) to use. | Select a previously created IKE policy. |
External Interface | Outgoing interface to use when establishing security associations (SAs). An interface acts as a doorway through which traffic enters and exits the JUNOS device. | Specify a previously created interface. |
NAT Keepalive Interval | The dynamic VPN feature automatically includes support for NAT traversal (NAT-T). The NAT keepalive interval controls how often NAT keepalive packets can be sent so that NAT translation continues. | Specify a maximum interval in seconds at which NAT keepalive packets can be sent. Range: 1 through 300 seconds. Default: 5 seconds. |
Local Identity | Local identity of the endpoint computer to send in the IKE exchange. You can identify the local identity in any of the following ways:<br>If you do not configure a local identity, the device uses the virtual IP address assigned by the Radius server during the Xauth configuration exchange. | Specify an IP address, hostname, or user-at-hostname. |
Dynamic Remote Identifier | ||
Connections limit | Maximum number of concurrent connections allowed. When the maximum number of connections is reached, no more dynamic VPN endpoint users attempting to access an IPsec VPN are allowed to begin Internet Key Exchange (IKE) negotiations. | Specify the maximum number of concurrent users that can be connected to the gateway (Remote Access Server). |
IKE User Hostname | Name or identifier to use when establishing the VPN tunnel. We recommend entering the fully qualified domain name to identify the dynamic peer, but you can enter any name or identifier as long as it is unique. | Specify one primary name or identifier and up to four backups. |
Dead Peer Detection | ||
Enable DPD | Enable dead peer detection (DPD), as outlined in RFC 3706 Dead Peer Detection. | Click the check box to disable or enable. (Disabled by default.) |
Always Send | Send DPD requests regardless of whether there is outgoing IPsec traffic to the peer. | Click the check box to disable or enable. (Disabled by default.) |
Interval | Amount of time that the peer waits for traffic from its destination peer before sending a DPD request packet. | Enter the interval at which to send DPD messages. Range: 1 through 60 seconds. Default: 10. |
Threshold | Maximum number of unsuccessful DPD requests that can be sent before the peer is considered unavailable. | Enter the maximum number of unsuccessful DPD requests to be sent. Range: 1 through 5. Default: 5. |
XAuth | ||
Access Profile | Provide extended authentication (XAuth), in addition to IKE authentication, for remote users trying to access a VPN tunnel.<br>Note: This Access Profile option does not control authentication for users trying to download Access Manager. For client download authentication, use the Access Profile option on the Global Settings Quick Configuration page. For more information, see "Configuring Global Client Download Settings-Quick Configuration (Dynamic VPNs)". | Select a previously created access profile. |
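
To review a gateway after it has been configured, the following added example (not part of the original documentation) checks an exported configuration against the ranges in Table 189 and flags options left unset. It assumes the configuration is available in Junos `set security ike gateway ...` form, which this page does not show; the sample lines are constructed, and the last three checks are review prompts chosen for this example rather than requirements stated on the page.

```python
import re

# Ranges as stated in Table 189 (seconds, seconds, request count).
RANGES = {
    "nat-keepalive": (1, 300),
    "dead-peer-detection interval": (1, 60),
    "dead-peer-detection threshold": (1, 5),
}

# Constructed sample; gateway, policy, interface and host names are made up.
SAMPLE = """\
set security ike gateway dyn-gw ike-policy dyn-pol
set security ike gateway dyn-gw external-interface ge-0/0/0.0
set security ike gateway dyn-gw nat-keepalive 600
set security ike gateway dyn-gw dynamic hostname client.example.com
set security ike gateway dyn-gw dead-peer-detection interval 10
set security ike gateway dyn-gw dead-peer-detection threshold 9
"""

def parse_gateways(text):
    """Return {gateway: {option path: value}} from 'set' lines."""
    gateways = {}
    for line in text.splitlines():
        m = re.match(r"set security ike gateway (\S+) (.+)", line.strip())
        if not m:
            continue
        name, rest = m.groups()
        option, _, value = rest.strip().rpartition(" ")
        if not option:  # bare flag such as "dead-peer-detection"
            option, value = value, ""
        gateways.setdefault(name, {})[option] = value
    return gateways

def audit(text):
    """Return (gateway, finding) tuples for out-of-range or unset options."""
    findings = []
    for name, opts in sorted(parse_gateways(text).items()):
        for option, (low, high) in RANGES.items():
            value = opts.get(option)
            if value is not None and not (value.isdigit() and low <= int(value) <= high):
                findings.append((name, f"{option} {value} outside {low}-{high}"))
        if not any(o.startswith("dead-peer-detection") for o in opts):
            findings.append((name, "DPD not enabled (disabled by default)"))
        dynamic = any(o.startswith("dynamic") for o in opts)
        if dynamic and "dynamic connections-limit" not in opts:
            findings.append((name, "dynamic gateway without a connections limit"))
        if "xauth access-profile" not in opts:
            findings.append((name, "no XAuth access profile"))
    return findings

if __name__ == "__main__":
    for gateway, finding in audit(SAMPLE):
        print(f"{gateway}: {finding}")
```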