
Configuring PKI VPN Modifications for the J Series or SRX Series device


Article ID: KB10138 KB Last Updated: 05 Mar 2017 Version: 5.0
Summary:
Configuring PKI VPN Modifications for the J Series or SRX Series device
Symptoms:

Solution:

Follow the steps below to change the IKE gateway from a preshared key to a certificate-based VPN:

From J-Web:

Step 1. Navigate to Configuration > Quick Configuration > VPN > IKE.


Step 2. Click the Phase 1 Proposal tab, then click Add to create a new Phase 1 proposal.


Step 3. Enter a Name. Change Authentication method to rsa-signatures. Then click OK.


Step 4. Click the IKE Policy tab, then click the name of the policy to be edited.


Step 5. Change the following settings:

  • Select Certificate (as opposed to pre-shared key).
  • Be sure that Peer Certificate Type shows x509-signature.
  • For Trusted CA, select Use all.
  • For Proposal, select the RSA proposal created earlier from the pull-down list, then click Add.



Step 6. Click OK to return to the IKE configuration screen, then click OK again to exit out of the IKE screen.

From CLI:

set security ike proposal pki-proposal1 authentication-method rsa-signatures
set security ike proposal pki-proposal1 dh-group group2
set security ike proposal pki-proposal1 authentication-algorithm md5
set security ike proposal pki-proposal1 encryption-algorithm 3des-cbc
set security ike policy ike-policy1 proposals pki-proposal1
set security ike policy ike-policy1 certificate trusted-ca use-all
set security ike policy ike-policy1 certificate peer-certificate-type x509-signature
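A check for the result of the steps above, as an added example that is not part of the Juniper article: it parses configuration in set-command form and reports IKE policies whose move from preshared key to certificates is incomplete. The branch-policy and psk-proposal names, the sample lines, and the wording of the findings are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in set-command form: ike-policy1 follows the article,
# branch-policy (hypothetical) is only half migrated.
SAMPLE_CONFIG = """\
set security ike proposal pki-proposal1 authentication-method rsa-signatures
set security ike policy ike-policy1 proposals pki-proposal1
set security ike policy ike-policy1 certificate trusted-ca use-all
set security ike policy ike-policy1 certificate peer-certificate-type x509-signature
set security ike proposal psk-proposal authentication-method pre-shared-keys
set security ike policy branch-policy proposals psk-proposal
set security ike policy branch-policy pre-shared-key ascii-text "$9$constructed"
set security ike policy branch-policy certificate trusted-ca use-all
"""


def audit_ike_policies(config_text):
    """Map each IKE policy name to a list of unfinished-migration findings."""
    proposal_auth = {}  # proposal name -> authentication-method
    policies = defaultdict(lambda: {"proposals": [], "cert": {}, "psk": False})
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 6 or words[:3] != ["set", "security", "ike"]:
            continue
        kind, name, rest = words[3], words[4], words[5:]
        if kind == "proposal" and rest[0] == "authentication-method" and len(rest) > 1:
            proposal_auth[name] = rest[1]
        elif kind == "policy" and rest[0] == "proposals":
            policies[name]["proposals"] += [w for w in rest[1:] if w not in ("[", "]")]
        elif kind == "policy" and rest[0] == "pre-shared-key":
            policies[name]["psk"] = True
        elif kind == "policy" and rest[0] == "certificate" and len(rest) > 2:
            policies[name]["cert"][rest[1]] = rest[2]
    report = {}
    for name, pol in policies.items():
        findings = []
        if pol["psk"]:
            findings.append("pre-shared-key statement still present")
        if not pol["proposals"]:
            findings.append("no proposal referenced")
        for prop in pol["proposals"]:
            method = proposal_auth.get(prop, "unset")
            if method != "rsa-signatures":
                findings.append(f"proposal {prop} authentication-method is {method}")
        if "trusted-ca" not in pol["cert"]:
            findings.append("no trusted-ca configured")
        if pol["cert"].get("peer-certificate-type") != "x509-signature":
            findings.append("peer-certificate-type is not x509-signature")
        report[name] = findings
    return report
```

Calling audit_ike_policies(SAMPLE_CONFIG) returns an empty list for ike-policy1 and three findings for branch-policy.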
