Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Configuring PKI VPN Modifications for SRX devices

0

0

Article ID: KB10138 KB Last Updated: 25 Jun 2021Version: 6.0
Summary:

This article explains how to configure PKI VPN modifications for SRX Series devices.

Solution:

Follow the steps below to modify the IKE gateway from a pre-shared key to a certificate-based VPN:

From J-Web

  1. Navigate to Configuration > Security Services > IPSEC VPN > IKE Phase 1.

  1. Click Phase 1. A dialog box with options to add to the Phase 1 configuration opens. Click Proposal > "+" on the right to create a new phase 1 proposal.

  1. Enter Name. Change Authentication Method to rsa-signatures. Click OK.

  1. Click the IKE Policy tab, and then click the policy name to be edited.

  1. Change the following settings:

  • Select Certificate (as opposed to pre-shared key).

  • Be sure that Peer Certificate Type shows x509-signature.

  • For Proposal, select your RSA proposal that was created earlier from the drop-down list, and then click Add.

  1. Click OK to return to the IKE configuration screen, then click OK again to exit the IKE screen.

 

From CLI

set security ike proposal pki-proposal1 authentication-method rsa-signatures
set security ike proposal pki-proposal1 dh-group group2
set security ike proposal pki-proposal1 authentication-algorithm md5
set security ike proposal pki-proposal1 encryption-algorithm 3des-cbc
set security ike policy ike-policy1 proposals pki-proposal1
set security ike policy ike-policy1 certificate trusted-ca use-all
set security ike policy ike-policy1 certificate peer-certificate-type x509-signature
Modification History:
  • 2021-06-25: Updated the J-Web snippets as per the latest version and removed J-Series references

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search