Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify the remote IKE identity to exchange with the destination peer to establish communication. If you do not configure a remote-identity, the device uses the IPv4 or IPv6 address corresponding to the remote endpoint by default.

For Network Address Translation Traversal (NAT-T), both remote identity and local identity must be configured.


  • distinguished-name—Specify identity as the distinguished name (DN) from the certificate. If there is more than one certificate on the device, use the security ike gateway gateway-name policy policy-name certificate local-certificate certificate-id.

    Optional container and wildcard strings can be specified:

    • container container-string—Specify a string for the container.

    • wildcard wildcard-string—Specify a string for the wildcard.

  • hostname hostname—Specify identity as a fully qualified domain name (FQDN).

  • inet ip-address—Specify identity as an IPv4 address.

  • inet6 ipv6-address—Specify identity as an IPv6 address.

  • key-id string-key-id—Specify the key ID in ASCII sring.

  • user-at-hostname e-mail-address—Specify identity as an e-mail address.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.4.