Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

gateway (Security Group VPN Server IKE)

Syntax

Hierarchy Level

Description

Configure IKE gateway for group VPN server.

Options

gateway gateway-name —Name of the gateway.

address ip-address —Specify the IP address of the peer.

dead-peer-detection —Enable DPD between group server cluster servers.

dynamic—Specify the identifier for the remote gateway with a dynamic IPv4 address. Use this statement to set up a VPN with a gateway that has an unspecified IPv4 address.

  • hostname domain-name —Specify a fully qualified domain name.

  • inet ip-address —Specify an IPv4 address to identify the dynamic peer.

  • user-at-hostname e-mail-address —Specify an e-mail address.

Configuring mode main for group VPN servers or members is not supported when the remote gateway has a dynamic address and the authentication method is pre-shared-keys.ike-policy policy-name —Specify the name of the IKE policy.

local-address ip-address —Configure the source IP address the group VPN server uses when communicating with a group member or a root-server. This statement is normally used when there are multiple IP addresses bound to an interface.

local-identity—Specify the local IKE identity to send in the exchange with the destination peer to establish communication. If you do not configure a local-identity, the device uses the IPv4 corresponding to the local endpoint by default.

  • hostname hostname—Specify identity as a fully qualified domain name (FQDN).

  • inet ip-address—Specify identity as an IPv4 address.

  • user-at-hostname e-mail-address—Specify identity as an e-mail address.

remote-identity—Specify the remote IKE identity of the destination peer. If you do not configure a remote identity, the device uses, by default, the IPv4 address that corresponds to the destination peer.

  • hostname hostname—Specify identity as a fully qualified domain name (FQDN).

  • inet ip-address—Specify identity as an IPv4 address.

  • user-at-hostname e-mail-address—Specify identity as an e-mail address.

routing-instance routing-instance—Configure the routing instance that the group VPN server uses when communicating with a group server. This statement is used when the IKE gateway is not configured in the default routing instance.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 10.2.

Support for the Group VPN server added in Junos OS Release 15.1X49-D30 for vSRX.