Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"
https://forum.ivorde.com/juniper-srx-11-4-bypass-ipsec-vpn-ike-id-validation-for-remote-identity-t15701.html

Author:  mandrei99 [ Thu Oct 31, 2013 5:00 am ]
Post subject:  Juniper SRX 11.4: Bypass IPSEC VPN IKE ID validation for "remote-identity"

The Juniper SRX firewall performs IKE Phase 1 identity validation based on the "remote-identity" set for the specific IKE gateway.

If upgrading from 10.4, where a default identity is used by default, or if the remote host isn't sending one and the SRX, under Junos 11.4, fails to bring up IKE Phase 1 due to an ID validation failure, the gateway can be changed to accept a generic IKE ID, bypassing IKE ID validation of the received payload:

Code:
# set security ike gateway <IKE-gateway-name> general-ikeid


References:
[SRX] How to bypass remote-identity check for IKE Phase 1 negotiation. http://kb.juniper.net/InfoCenter/index?page=content&id=KB27302
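The following is an added configuration example, not part of the original post, showing where the "general-ikeid" knob sits relative to a normal gateway definition with a strict "remote-identity". Gateway, policy and interface names, the peer address 203.0.113.10, the hostname vpn-peer.example.net and the pre-shared key are hypothetical placeholders. Note what the knob actually does: with "general-ikeid" the SRX no longer compares the IKE ID sent by the peer against the configured "remote-identity", so peer authentication then rests entirely on the pre-shared key (or, with certificates, on the CA chain alone, since the certificate subject is no longer matched against the expected identity). Keep the strict form wherever the peer can be made to send the correct ID, and treat "general-ikeid" as a compatibility fallback, not a default.

```junos
## Strict form: Phase 1 only completes if the peer's IKE ID payload
## matches the configured remote-identity (here an FQDN).
set security ike policy ike-pol mode main
set security ike policy ike-pol proposal-set standard
set security ike policy ike-pol pre-shared-key ascii-text "REPLACE-WITH-A-STRONG-PSK"
set security ike gateway gw-peer ike-policy ike-pol
set security ike gateway gw-peer address 203.0.113.10
set security ike gateway gw-peer external-interface ge-0/0/0.0
set security ike gateway gw-peer remote-identity hostname vpn-peer.example.net

## Compatibility fallback (the post's fix): accept whatever IKE ID the
## peer sends, or none at all. The remote-identity line above is no longer
## enforced once this is set; authentication is then the PSK alone.
set security ike gateway gw-peer general-ikeid

## Verify after commit: the peer should now show a Phase 1 SA in state UP.
## (operational mode)
## show security ike security-associations
```

If the tunnel comes up only with "general-ikeid", the more robust long-term fix is to set "remote-identity" to the exact ID type and value the peer really sends (inet for an IP address, hostname for an FQDN, user-at-hostname or distinguished-name as appropriate) and remove "general-ikeid" again, so ID validation is restored.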
