Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Tue Jul 16, 2019 2:47 pm


Username:
Subject:
Message body:
Enter your message here, it may contain no more than 60000 characters. 

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
 
Font colour
Options:
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.
     

Topic review - Site2Site Ipsec/Dialup/ike v2
Author Message
Post subject: Site2Site Ipsec/Dialup/ike v2  |  Post Posted: Wed Sep 16, 2015 9:07 am
Hello
I have gotten a couple of requierments from the infrastructure architects at my job, for the site2site vpn to our small offices.

- Cert authentication
- Ike V2

There are some offices that have a dynamic ip, when i did some googling i found this two articels that seems to contradict eachother.

https://kb.juniper.net/InfoCenter/index ... login=true here they are using aggressive mode (so i guess it wont work in ike v2)
http://www.juniper.net/techpubs/en_US/j ... ec-site-... here it also says that i have to use aggresive mode vpn.



https://kb.juniper.net/InfoCenter/index ... id=KB24704 here they solve it in a different way (i guess this solution supports ike v2? )


So can i solve it with in this way?

gateway gw_svr {
ike-policy ike_pol_svr;
dynamic {
distinguished-name {
container CN=client-srx;
}
}


Like in the pki example.
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO