Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

ike (Security IPsec VPN)

Syntax

Hierarchy Level

Description

Define an IKE-keyed IPsec VPN.

Options

anti-replay-window-size

To enable the anti-replay-window-size option, you first need to configure the option for each VPN object or at the global level. You can configure the anti-replay window size in the range of 64 to 8192 (power of 2). If the anti-replay window size is not configured, the window size is 64 by default. If anti-replay-window-size command is configured at both the global and VPN object levels, the configuration on VPN object takes precedence over global configuration.

anti-replay-window-size is supported only on SRX 5000 Series devices with SRX5K-SPC3 card installed.

gateway-name

Name of the remote IKE gateway.

idle-time

Specify the maximum amount of idle time to delete a security association (SA).

  • Default: To be disabled

  • Range: 60 through 999,999 seconds

install-interval

Specify the maximum number of seconds to allow for the installation of a rekeyed outbound security association (SA) on the device.

  • Default: 1 second

  • Range: 0 through 10 seconds

ipsec-policy

Specify the IPsec policy name.

no-anti-replay

Disable the antireplay checking feature of IPsec. Antireplay is an IPsec feature that can detect when a packet is intercepted and then replayed by attackers. By default, antireplay checking is enabled.

proxy-identity

Optionally specify the IPsec proxy ID to use in negotiations. The default is the identity based on the IKE gateway. If the IKE gateway is an IPv6 site-to-site gateway, the default proxy ID is ::/0. If the IKE gateway is an IPv4 gateway or a dynamic endpoint or dialup gateway, the default proxy ID is 0.0.0.0/0.

  • local—Specify the local IPv4 or IPv6 address and subnet mask for the proxy identity.

  • remote—Specify the remote IPv4 or IPv6 address and subnet mask for the proxy identity.

  • service—Specify the service (port and protocol combination) to protect. Name of the service is as defined with system-services (Interface Host-Inbound Traffic) and system-services (Zone Host-Inbound Traffic).

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support.

Statement anti-replay-window-size is introduced in Junos OS Release 19.2R1.