CertExams.com Simulator Lab Exercises Answers
Description: Lab exercise explains ike phase1 gateway configuration and referencing ike policy defined
A remote IKE peer can be identified by either IP address, FQDN/u-FQDN or ASN1-DN (PKI certificates). For this example we are identifying the peer by IP address. Therefore the gateway address should be the remote peer’s public IP address. It is important also to specify the correct external interface. If either the peer address or external interface specified is incorrect then the IKE gateway will not be properly identified during phase 1 negotiations.
Command Syntax:
[edit security ike]
user@srx#show
gateway <gateway-name>{
ike-policy ;
address <ip-address>;
external-interface <interface-name>;
dead-peer-detection {
interval <seconds>;
threshold <number>;
}}
Network Diagram:
Instructions:
1. Create an IKE Phase 1 gateway and define its external interface.
2. Define the IKE Phase 1 policy reference.
3. Define IKE Phase1 gateway address
Please refer to the CertExams.com Juniper Network Simulator software for complete lab.
