Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


ike (Security IPsec VPN)


Hierarchy Level


Define an IKE-keyed IPsec VPN.



To enable the anti-replay-window-size option, you first need to configure the option for each VPN object or at the global level. You can configure the anti-replay window size in the range of 64 to 8192 (power of 2). If the anti-replay window size is not configured, the window size is 64 by default. If anti-replay-window-size command is configured at both the global and VPN object levels, the configuration on VPN object takes precedence over global configuration.

anti-replay-window-size is supported only on SRX 5000 Series devices with SRX5K-SPC3 card installed.


Name of the remote IKE gateway.


Specify the maximum amount of idle time to delete a security association (SA).

  • Default: To be disabled

  • Range: 60 through 999,999 seconds


Specify the maximum number of seconds to allow for the installation of a rekeyed outbound security association (SA) on the device.

  • Default: 1 second

  • Range: 0 through 10 seconds


Specify the IPsec policy name.


Disable the antireplay checking feature of IPsec. Antireplay is an IPsec feature that can detect when a packet is intercepted and then replayed by attackers. By default, antireplay checking is enabled.


Optionally specify the IPsec proxy ID to use in negotiations. The default is the identity based on the IKE gateway. If the IKE gateway is an IPv6 site-to-site gateway, the default proxy ID is ::/0. If the IKE gateway is an IPv4 gateway or a dynamic endpoint or dialup gateway, the default proxy ID is

  • local—Specify the local IPv4 or IPv6 address and subnet mask for the proxy identity.

  • remote—Specify the remote IPv4 or IPv6 address and subnet mask for the proxy identity.

  • service—Specify the service (port and protocol combination) to protect. Name of the service is as defined with system-services (Interface Host-Inbound Traffic) and system-services (Zone Host-Inbound Traffic).

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support.

Statement anti-replay-window-size is introduced in Junos OS Release 19.2R1.