ike (Security Group VPN Member)
Syntax
ike {
gateway gateway-name {
ike-policy policy-name;
local address ip-address;
local-identity {
(hostname hostname | inet ip-address | inet6 ipv6-address | user-at-hostname e-mail-address);
}
remote-identity {
(hostname hostname | inet ip-address | user-at-hostname e-mail-address);
}
routing-instance routing-instance;
server-address ip-address;
}
policy policy-name {
description description;
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals proposal-name;
}
proposal proposal-name {
authentication-algorithm (sha-256 | sha-384);
authentication-method pre-shared-keys;
description description;
dh-group (group14 | group24);
encryption-algorithm (aes-128-cbc | aes-192-cbc | aes-256-cbc);
lifetime-seconds seconds;
}
traceoptions {
file {
filename;
files number;
match regular-expression;
size maximum-file-size;
(world-readable | no-world-readable);
}
flag flag (all | certificates | config | database | general | high-availability | ike | next-hop-tunnels | parse | policy-manager | routing-socket | thread | timer);
gateway-filter {
local-address ip-address;
remote-address ip-address;
}
level (all | error | info | notice | verbose | warning);
no-remote-trace;
}
}
Hierarchy Level
[edit security group-vpn member]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure IKE group VPN on the group member. A group member encrypts the traffic and is responsible for the actual encryption and decryption of data traffic. A group member is configured with IKE Phase 1 parameters and GC/KS information.
Options
| gateway gateway-name | Configure IKE gateway for group VPN member. |
| policy policy-name | Configure an IKE policy. |
| proposalproposal-name | Define an IKE proposal. |
| traceoptions | Configure group VPN tracing options to aid in troubleshooting the IKE issues. |
| ipsec | Configure IPsec for Phase 2 exchange on the group member. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.