Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Topic review - Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"
Post subject: Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"  |  Posted: Thu Oct 31, 2013 5:00 am
The Juniper SRX firewall performs IKE Phase 1 identity validation based on the "remote-identity" set for the specific IKE gateway.

After upgrading from 10.4, where a default identity is used by default, or when the remote host isn't sending one, the SRX under Junos 11.4 may fail to bring up IKE Phase 1 because of an ID validation failure. In that case the gateway can be changed to accept a generic IKE ID, bypassing IKE ID validation of the received payload:

Code:
# set security ike gateway <IKE-gateway-name> general-ikeid


References:
[SRX] How to bypass remote-identity check for IKE Phase 1 negotiation. http://kb.juniper.net/InfoCenter/index?page=content&id=KB27302
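
Because `general-ikeid` turns off the IKE ID check for a gateway, it is worth knowing exactly which gateways carry it. The following is an added example, not part of the original post: it scans `display set` style output and reports, per gateway, whether `general-ikeid` is set and which `remote-identity` (if any) is configured. The sample configuration, gateway names and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `show configuration security ike | display set` output.
SAMPLE_CONFIG = """\
set security ike gateway gw-branch1 ike-policy pol-branch
set security ike gateway gw-branch1 address 192.0.2.10
set security ike gateway gw-branch1 external-interface ge-0/0/0.0
set security ike gateway gw-branch1 general-ikeid
set security ike gateway gw-partner ike-policy pol-partner
set security ike gateway gw-partner address 198.51.100.7
set security ike gateway gw-partner remote-identity hostname peer.example.net
set security ike gateway gw-lab ike-policy pol-lab
set security ike gateway gw-lab address 203.0.113.5
"""

# set security ike gateway <name> <statement> [arguments...]
GATEWAY_LINE = re.compile(r"^set security ike gateway (\S+) (\S+)(?: (.*))?$")


def audit_ike_gateways(config_text):
    """Map each IKE gateway to its general-ikeid / remote-identity settings."""
    gateways = defaultdict(
        lambda: {"general_ikeid": False, "remote_identity": None}
    )
    for raw in config_text.splitlines():
        match = GATEWAY_LINE.match(raw.strip())
        if not match:
            continue  # not an IKE gateway statement
        name, statement, args = match.groups()
        entry = gateways[name]  # registers the gateway even if neither is set
        if statement == "general-ikeid":
            entry["general_ikeid"] = True
        elif statement == "remote-identity":
            entry["remote_identity"] = args
    return dict(gateways)


def bypassed_gateways(config_text):
    """Gateways that accept any IKE ID because general-ikeid is set."""
    audit = audit_ike_gateways(config_text)
    return sorted(name for name, g in audit.items() if g["general_ikeid"])


if __name__ == "__main__":
    for name, settings in sorted(audit_ike_gateways(SAMPLE_CONFIG).items()):
        print(name, settings)
    print("IKE ID validation bypassed on:", bypassed_gateways(SAMPLE_CONFIG))
```
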