Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Site2Site Ipsec/Dialup/ike v2
https://forum.ivorde.com/site2site-ipsec-dialup-ike-v2-t19812.html
Page 1 of 1

Author:  balzac123 [ Wed Sep 16, 2015 9:07 am ]
Post subject:  Site2Site Ipsec/Dialup/ike v2

Hello
I have gotten a couple of requierments from the infrastructure architects at my job, for the site2site vpn to our small offices.

- Cert authentication
- Ike V2

There are some offices that have a dynamic ip, when i did some googling i found this two articels that seems to contradict eachother.

https://kb.juniper.net/InfoCenter/index ... login=true here they are using aggressive mode (so i guess it wont work in ike v2)
http://www.juniper.net/techpubs/en_US/j ... ec-site-... here it also says that i have to use aggresive mode vpn.



https://kb.juniper.net/InfoCenter/index ... id=KB24704 here they solve it in a different way (i guess this solution supports ike v2? )


So can i solve it with in this way?

gateway gw_svr {
ike-policy ike_pol_svr;
dynamic {
distinguished-name {
container CN=client-srx;
}
}


Like in the pki example.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/