Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


During IKE Phase 1 negotiation, when negotiation request is received, there are two identity checks.

  1. IKE-ID validation from ID payload.

  2. Phase 1 authentication by pre-shared key or RSA/DSA certificate.

Configure remote-identity to lookup the certificate of the peer for certificate authentication. This remote-identity should match the corresponding field in the SubjectAltname extension of the peer certificate for successful detection of peer certificate and authentication.

The identity check with the same IKE-ID is repeated, that is, the IKE-ID validation with remote-identity and the certificate authentication. To avoid this, during authentication of remote peer, use the general-ikeid under theset security ike gateway gateway_name dynamic hierarchy level to bypass the validation process.

If you enable this option, then during authentication of remote peer, the device accepts all ike-id types like, hostname, user@hostname, and so on.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 21.1R1