Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Sun Dec 10, 2023 6:16 am


Author Message
mandrei99
Post  Post subject: Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"  |  Posted: Thu Oct 31, 2013 5:00 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 250

Offline
 

Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"

The Juniper SRX firwewall is performs an IKE Phase 1 identity validation based on the "remote-identity" set for the specific ike gateway.

If upgrading from 10.4 where by default a default identity is used or if the remote host isn't sending one and the SRX, under Junos 11.4, fails to bring up IKE phase 1 due to id validation failure, it can be changed to accept generic ike ID, bypassing IKE ID validation in the received payload:

Code:
# set security ike gateway <IKE-gateway-name> general-ikeid


References:
[SRX] How to bypass remote-identity check for IKE Phase 1 negotiation. http://kb.juniper.net/InfoCenter/index?page=content&id=KB27302





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity""
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Juniper SRX Hub-and-Spoke IPSEC VPN \w HUB behind NAT.

mandrei99

0

3200

Tue Oct 29, 2013 11:25 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX MTU / MSS / Fragmentation problems with Ipsec vpn tunnel

debuser

2

27722

Mon Jul 08, 2013 5:54 am

Tears View the latest post

There are no new unread posts for this topic. OpenSSL CA signed certificates based Ipsec VPN between Two Juniper SRX devices

debuser

2

11811

Thu Jun 27, 2013 10:40 am

mandrei99 View the latest post

There are no new unread posts for this topic. Attachment(s) Juniper SRX Spoke-to-Spoke IPSEC VPN \w spokes behind NAT.

mandrei99

0

5193

Tue Oct 29, 2013 9:22 am

mandrei99 View the latest post

There are no new unread posts for this topic. Linux site to site GRE over IPSEC VPN tunnels using racoon & kame ipsec-tools

mandrei99

0

15965

Tue Jan 13, 2015 6:26 am

mandrei99 View the latest post

There are no new unread posts for this topic. Site2Site Ipsec/Dialup/ike v2

balzac123

0

2631

Wed Sep 16, 2015 9:07 am

balzac123 View the latest post

There are no new unread posts for this topic. Iphone/Ipad Ipsec VPNs using SSL certificates - How to use OpenSSL to generate and format certs

mandrei99

0

5663

Wed Apr 10, 2013 5:42 am

mandrei99 View the latest post

There are no new unread posts for this topic. PKI: How to import OpenSSL private key and public certificate in Juniper SRX

mandrei99

0

43640

Fri Dec 12, 2014 10:07 am

mandrei99 View the latest post

There are no new unread posts for this topic. Juniper SRX: Main mode for dynamic peer with Preshared key based authentication is not allowed

mandrei99

0

4044

Fri Jan 09, 2015 11:41 am

mandrei99 View the latest post

There are no new unread posts for this topic. error: Failed to encode the certificate request in PKCS-10 format - Juniper SRX PKI error

mandrei99

0

3167

Fri Dec 12, 2014 10:32 am

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO