[Prev][Next][Report an Error]

Configuring an IKE Policy—Dynamic VPNs

You can use J-Web to quickly configure an IKE policy.

Before You Begin

For background information, read:

  • "Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

To configure an IKE policy :

  1. Select Configure>IPSec VPN>Dynamic VPN>IKE.
  2. Select the IKE Policy tab if it is not already selected.
  3. To modify an existing policy, click the appropriate link in the Name column to go to the policy’s configuration page. Or, select the policy from among those listed and click one of the following buttons:
  4. To configure a new IKE policy, click Add.
  5. Fill in the options as described in Table 203.
  6. Click one of the following buttons:

Table 203: IKE Policy, Authentication, and Proposal Options




IKE Policy


Name to identify the policy.

Enter a name.


Description of the policy.

Enter a brief description of the policy.


Specifies how participants should exchange encryption and authentication information during Phase 1 tunnel negotiations. The dynamic VPN feature only uses aggressive mode, which transfers the information between participants in two exchanges.

No action is required. The device displays this information for informational purposes only.

Pre-shared Key

Pre-shared key

Use one of the following preshared key types:

  • ASCII text
  • Hexadecimal

Click Pre shared key, click the type of key, and enter the key in the appropriate format.



Do not use proposals

Click None.

User Defined

Use up to four Phase 1 proposals that you previously defined. If you include multiple Phase1 proposals in the IKE policy, use the same Diffie-Hellman group in all of the proposals.

Click User Defined, select a proposal (or proposals) from the pop-up menu, and click Add.


Use one of the following types of predefined Phase 1 proposals:

  • Basic
  • Compatible
  • Standard

Click Predefined, and select a proposal type.

[Prev][Next][Report an Error]