VPNs

  • Signature authentication in IKEv2 (cSRX, MX240, MX304, MX480, MX960, MX10004, MX10008, SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—Secure IPsec VPN services that run on the iked process by using IKEv2 signature authentication based on RFC 7427. Enable this feature by using the following options:

    • digital-signature—Configure this option at the [edit security ike proposal proposal-name authentication-method] hierarchy level to enable the signature authentication method. You can use this method only if your device exchanges a signature hash algorithm with the peer.

    • signature-hash-algorithm—Configure this option at the [edit security ike proposal proposal-name] hierarchy level to enable the peer device to use one or more specific signature hash algorithms (SHA1, SHA256, SHA384, and SHA512). Note that the IKE peers can use different hash algorithms in different directions.

    [See Signature Authentication in IKEv2, proposal (Security IKE), and Signature Hash Algorithm (Security IKE).]
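
The hash exchange that digital-signature depends on, sketched from RFC 7427 as an added example (not Juniper code): each peer lists the hashes it can verify in a SIGNATURE_HASH_ALGORITHMS notify, and the signer picks from the peer's list, which is why the two directions can end up with different hashes. The byte strings, the preference order, and the local policy sets are constructed for illustration.

```python
import struct

# Hash algorithm IDs from RFC 7427 (each is a 16-bit big-endian value on the wire).
HASH_IDS = {1: "SHA1", 2: "SHA256", 3: "SHA384", 4: "SHA512"}
# Assumed local preference: strongest first.
PREFERENCE = ["SHA512", "SHA384", "SHA256", "SHA1"]


def parse_sig_hash_notify(data: bytes) -> list:
    """Decode the notification data of SIGNATURE_HASH_ALGORITHMS (notify type 16431)."""
    if len(data) % 2:
        raise ValueError("notification data must be a list of 16-bit IDs")
    ids = struct.unpack(f"!{len(data) // 2}H", data)
    # IDs this table does not know are skipped rather than treated as errors.
    return [HASH_IDS[i] for i in ids if i in HASH_IDS]


def choose_signing_hash(peer_accepts, local_allowed):
    """Return the hash this side signs with: the most preferred one that the
    peer advertised and local policy allows. None means no common hash, so
    signature authentication cannot be used with this peer."""
    for name in PREFERENCE:
        if name in peer_accepts and name in local_allowed:
            return name
    return None


if __name__ == "__main__":
    # Constructed notify payloads: what each side says it can verify.
    initiator_accepts = parse_sig_hash_notify(bytes.fromhex("000200030004"))
    responder_accepts = parse_sig_hash_notify(bytes.fromhex("00010002"))

    # Constructed local signing policies (hypothetical).
    initiator_policy = {"SHA256", "SHA384", "SHA512"}
    responder_policy = {"SHA1", "SHA256", "SHA384"}

    # Each side signs with a hash taken from the *other* side's list.
    print("initiator -> responder:",
          choose_signing_hash(responder_accepts, initiator_policy))
    print("responder -> initiator:",
          choose_signing_hash(initiator_accepts, responder_policy))
    # A peer that accepts only SHA1, against a policy that excludes it.
    print("SHA1-only peer:", choose_signing_hash(["SHA1"], initiator_policy))
```

A `None` result is the case the digital-signature option warns about: without a hash exchanged and accepted by both sides, the method is not available for that peer.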