VPN Profiles Overview
You can use a VPN Profile Wizard to create an object that specifies the VPN proposals, mode of the VPN, and other parameters used in a route-based IPsec VPN. You can also configure the Phase 1 and Phase 2 settings in a VPN profile.
When a VPN profile is created, Juniper Security Director Cloud creates an object in the database to represent the VPN profile. You can use this object to create route-based IPsec VPN.
You cannot modify or delete Juniper Networks defined VPN profiles. You can only clone the profiles and create new profiles.
SRX Series Firewalls support preshared key and PKI certificate-based authentication methods in IKE negotiation for IPsec VPNs. The RSA certificate and DSA certificate-based authentication are supported for IKE negotiation. The predefined VPN profile is available with both RSA and DSA certificates-based authentication. The PKI certificate list from the device is automatically retrieved during the device discovery and update-based syslog notifications.