establish-tunnels
Syntax
establish-tunnels (immediately | on-traffic | responder-only);
Hierarchy Level
[edit services ipsec-vpn]
Description
Specify when IKE is activated: immediately after VPN information is configured and configuration changes are committed, or only when data traffic flows. In the second case, IKE needs to be negotiated with the peer gateway. Starting in Junos OS Release 18.2R1, you can also specify that the MX Series router only responds to IKE negotiations.
The immediately option is required to tear down the st0 interface when dead peer detection (DPD) protocol is configured.
Options
| immediately | IKE is activated immediately after VPN configuration and configuration changes are committed. |
| on-traffic | IKE is activated only when data traffic flows. IKE needs to be negotiated with the peer gateway. |
| responder-only | Responds to IKE negotiations that are initiated by the peer gateway, but does not initiate IKE negotiations. This option is required when another vendor’s peer gateway expects the protocol and port values in the traffic selector from the initiating gateway, which the MX Series does not provide. |
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Release 8.5 of Junos OS.
responder-only option added in Junos OS Release 18.2R1.