member (Security Group VPN)
Syntax
member {
    ike {
        gateway gateway-name;
        policy;
        proposal;
        traceoptions;
    }
    ipsec {
        vpn vpn-name {
            df-bit (clear | copy | set);
            exclude rule rule-name {
                source-address ip-address/mask;
                destination-address ip-address/mask;
                application application;
            }
            fail-open rule rule-name {
                source-address ip-address/mask;
                destination-address ip-address/mask;
                application application;
            }
            group id;
            group-vpn-external-interface interface;
            ike-gateway gateway-name;
            recovery-probe;
        }
    }
}
Hierarchy Level
[edit security group-vpn]
Description
Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.
Configure a group VPN member. A group member is responsible for the actual encryption and decryption of data traffic. It is configured with IKE Phase 1 parameters and GC/KS information.
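The check below is an added example, not Juniper code. It reads "display set" output for this hierarchy, flags traceoptions left active under member ike (the condition the warning above asks you to clear after debugging), reports any vpn whose ike-gateway is not defined under ike, and lists exclude and fail-open rules with their selectors for review. The sample configuration, its names and addresses, and the ike-policy sub-statement on the gateway line are constructed for illustration.

```python
# Added example (not Juniper code): audit "display set" lines under
# [edit security group-vpn member].
PREFIX = ["security", "group-vpn", "member"]

# Constructed sample input; names and addresses are illustrative.
SAMPLE = """\
set security group-vpn member ike gateway gw-ks1 ike-policy pol1
set security group-vpn member ike traceoptions flag all
set security group-vpn member ipsec vpn gvpn1 ike-gateway gw-ks1
set security group-vpn member ipsec vpn gvpn1 group 1
set security group-vpn member ipsec vpn gvpn1 group-vpn-external-interface ge-0/0/1.0
set security group-vpn member ipsec vpn gvpn1 fail-open rule r1 source-address 192.0.2.0/24
set security group-vpn member ipsec vpn gvpn1 fail-open rule r1 destination-address 198.51.100.0/24
set security group-vpn member ipsec vpn gvpn1 exclude rule mgmt application junos-ssh
set security group-vpn member ipsec vpn gvpn2 ike-gateway gw-missing
"""

def audit(text):
    """Return sorted (kind, detail) findings for a group VPN member config."""
    trace_set = trace_off = False
    gateways, refs, rules = set(), {}, {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[1:4] != PREFIX:
            continue
        verb, rest = tok[0], tok[4:]
        if rest[:2] == ["ike", "traceoptions"]:
            # "deactivate ... ike traceoptions" marks the whole stanza inactive.
            trace_set |= verb == "set"
            trace_off |= verb == "deactivate" and len(rest) == 2
        elif verb != "set":
            continue
        elif rest[:2] == ["ike", "gateway"] and len(rest) > 2:
            gateways.add(rest[2])
        elif rest[:2] == ["ipsec", "vpn"] and len(rest) > 4:
            vpn, stmt = rest[2], rest[3]
            if stmt == "ike-gateway":
                refs[vpn] = rest[4]
            elif stmt in ("exclude", "fail-open") and rest[4] == "rule" and len(rest) == 8:
                # Group the selectors (source, destination, application) per rule.
                rules.setdefault((stmt, vpn, rest[5]), {})[rest[6]] = rest[7]
    findings = []
    if trace_set and not trace_off:
        findings.append(("tracing-enabled", "member ike traceoptions"))
    for vpn, gw in refs.items():
        if gw not in gateways:
            findings.append(("undefined-gateway", f"vpn {vpn} -> {gw}"))
    for (stmt, vpn, rule), sel in rules.items():
        detail = " ".join(f"{k}={v}" for k, v in sorted(sel.items()))
        findings.append((f"{stmt}-rule", f"vpn {vpn} rule {rule}: {detail}"))
    return sorted(findings)
```

Call audit() on the saved output of the member configuration in "display set" form; an empty list means no tracing is active, every referenced gateway is defined, and no exclude or fail-open rules are present.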
Options
| ike gateway-name | Configure IKE gateway for group VPN member. |
| policy policy-name | Configure an IKE policy. |
| proposal proposal-name | Define an IKE proposal. |
| traceoptions | Configure group VPN tracing options to aid in troubleshooting IKE issues. |
| ipsec | Configure IPsec for Phase 2 exchange on the group member. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.