Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


connections (Host VPN)


Hierarchy Level


Configure IPsec connection details. The Internet Key Exchange (IKE) protocol is a component of IPsec used for performing mutual authentication and establishing and maintaining security associations (SAs). Each SA describes a specific negotiated set of parameters to protect traffic for a certain time period for an IPsec VPN.



Specify the name of the IKE SA connection.


Specify the Dead Peer Detection delay used on the connection. This is the Interval between sending liveness messages.

  • Default: 0, which is disabled Dead Peer Dectection.

  • Range: 0 through 3600

ike-proposal ike-proposal

Specify the algorithms to use in negotiating the IKE SA from among the pre-selected combinations available, which represent the encryption algorithm, integrity algorithm, and Diffie Hellman group.


Propose 3des SHA1 and DH group modp1536.


Propose aes256gcm128 and DH group ecp384.


Propose aes256gcm128 and DH group modp3072.


Propose aes256 CBC, sha384 and DH group ecp384.


Propose aes256 CBC, sha384 and DH group modp3072.

[ ]

Propose a set composed from the values permitted.

  • Default: aes256-sha384-ecp384


Specify the local endpoint’s IPv4 or IPv6 address.

rekey-time rekey-time

Specify how long in seconds before the IKE SA is rekeyed. Actual rekeying occurs slightly sooner than that specified because of rekey randomization.

  • Default: 14,400

  • Range: 60 through 86,400


Specify the remote endpoint’s IPv4 or IPv6 address.

The remaining statements are explained separately.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Evolved Release 18.3R1.