Example: Configuring AutoVPN with Pre-Shared Key

This example shows how to configure different IKE preshared keys that the VPN gateway uses to authenticate the remote peer. It also shows how to configure the same IKE preshared key that the VPN gateway uses to authenticate the remote peer.

Requirements

This example uses the following hardware and software components:

  • MX240, MX480, and MX960 with MX-SPC3 and Junos OS Release 21.1R1 that support AutoVPN
  • or SRX5000 line of devices with SPC3 and Junos OS Release 21.2R1 that support AutoVPN
  • or vSRX Virtual Firewall running iked and Junos OS Release 21.2R1 that support AutoVPN

Configure different IKE preshared key

To configure different IKE preshared keys that the VPN gateway uses to authenticate the remote peer, perform these tasks.

  1. Configure the seeded preshared key for the IKE policy on the device acting as the AutoVPN hub.

    or

    For example:

    or

  2. Display the pre-shared key for the remote peer using the gateway name and user-id.

    For example:

    Pre-shared key: 79e4ea39f5c06834a3c4c031e37c6de24d46798a

  3. Configure the generated PSK ("79e4ea39f5c06834a3c4c031e37c6de24d46798a" in step 2) in the IKE policy on the remote peer device.

    For example:

  4. (Optional) To bypass IKE ID validation and allow all IKE ID types, configure the general-ikeid configuration statement at the [edit security ike gateway gateway_name dynamic] hierarchy level on the gateway.

Result

From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Configure same IKE preshared key

To configure the same IKE preshared key that the VPN gateway uses to authenticate the remote peer, perform these tasks.

  1. Configure the common pre-shared-key for the IKE policy on the device acting as the AutoVPN hub.

    For example:

  2. Configure the common pre-shared-key in the IKE policy on the remote peer device.

    For example:

  3. (Optional) To bypass IKE ID validation and allow all IKE ID types, configure the general-ikeid configuration statement at the [edit security ike gateway gateway_name dynamic] hierarchy level on the gateway.

Result

From configuration mode, confirm your configuration by entering the show security command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
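
The two key models above and the optional general-ikeid statement can be reviewed offline against an exported configuration. The following Python sketch is an added example, not Juniper code; it assumes Junos set-format lines using the seeded-pre-shared-key, pre-shared-key, ike-policy and dynamic statements, and every policy name, gateway name and secret in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; names and secrets are placeholders.
SAMPLE = '''\
set security ike policy HUB_SEEDED seeded-pre-shared-key ascii-text "$9$placeholder-a"
set security ike policy HUB_COMMON pre-shared-key ascii-text "$9$placeholder-b"
set security ike gateway GW_A ike-policy HUB_SEEDED
set security ike gateway GW_A dynamic general-ikeid
set security ike gateway GW_B ike-policy HUB_COMMON
set security ike gateway GW_B dynamic general-ikeid
set security ike gateway GW_C ike-policy HUB_COMMON
set security ike gateway GW_C dynamic hostname spoke.example.net
'''

POLICY = re.compile(r'^set security ike policy (\S+) (seeded-pre-shared-key|pre-shared-key)\s')
GATEWAY = re.compile(r'^set security ike gateway (\S+) (ike-policy|dynamic)\s+(\S+)')

def audit(config):
    """Return {gateway: (key_mode, [notes])} for every IKE gateway in the config."""
    key_mode = {}  # policy name -> "seeded" (per-peer keys) or "common" (one key)
    gateways = defaultdict(lambda: {"policy": None, "dynamic": False, "general_ikeid": False})
    for line in config.splitlines():
        line = line.strip()
        if m := POLICY.match(line):
            key_mode[m.group(1)] = "seeded" if m.group(2).startswith("seeded") else "common"
        elif m := GATEWAY.match(line):
            gw = gateways[m.group(1)]
            if m.group(2) == "ike-policy":
                gw["policy"] = m.group(3)
            else:
                gw["dynamic"] = True
                gw["general_ikeid"] |= m.group(3) == "general-ikeid"
    findings = {}
    for name, gw in sorted(gateways.items()):
        mode = key_mode.get(gw["policy"], "unknown")
        notes = []
        if gw["dynamic"] and mode == "common":
            notes.append("one PSK shared by every peer of this dynamic gateway")
        if gw["general_ikeid"]:
            notes.append("IKE ID validation bypassed (general-ikeid)")
        findings[name] = (mode, notes)
    return findings

if __name__ == "__main__":
    for gateway, (mode, notes) in audit(SAMPLE).items():
        print(f"{gateway}: key={mode}; " + ("; ".join(notes) or "no notes"))
```

A gateway that reports both notes admits a peer on possession of the common key alone, so that key's distribution and rotation deserve the closest review.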