Configuring an IPsec Policy—Dynamic VPNs

You can use J-Web to quickly configure an IPsec policy.

Before You Begin

For background information, read:

  • "Dynamic Virtual Private Networks (VPNs)" chapter in the JUNOS Software Security Configuration Guide.

To configure an IPsec policy:

  1. Select Configure>IPSec VPN>Dynamic VPN>IPsec Autokey.
  2. Select the IPsec Policy tab if it is not already selected.
  3. To modify an existing policy, click the appropriate link in the Name column to go to the policy’s configuration page. Or, select the policy from among those listed and click one of the following buttons:
    • To apply the configuration, click Apply.
    • To delete the configuration, click Delete.
  4. To configure a new IPsec policy, click Add.
  5. Fill in the options as described in Table 90.
  6. Click one of the following buttons:
    • To apply the configuration, click OK.
    • To cancel the configuration and return to the main Configuration page, click Cancel.

Table 90: IPsec Policy Configuration Options




IPsec Policy


Name to identify the policy.

Enter a name.


Description of the policy.

Enter a brief description of the policy.

Perfect Forward Secrecy

Method the device uses to generate the encryption key. Perfect Forward Secrecy generates each new encryption key independently from the previous key.

  • group1—Diffie-Hellman Group 1.
  • group2—Diffie-Hellman Group 2.
  • group5—Diffie-Hellman Group 5.

Select a method.



Do not use a proposal.

Click None.

User Defined

Use up to four Phase 2 proposals that you previously defined. If you include multiple Phase2 proposals in the IPsec policy, use the same Diffie-Hellman group in all of the proposals.

Click User Defined, select a proposal (or proposals) from the pop-up menu, and click Add.


Use one of the following types of predefined Phase 1 proposals:

  • Basic
  • Compatible
  • Standard

Click Predefined, and select a proposal type.