CertExams.com Simulator Lab Exercises Answers

Configuring IKE Phase 1 gateway and reference the IKE policy

Description: Lab exercise explains ike phase1 gateway configuration and referencing ike policy defined

A remote IKE peer can be identified by either IP address, FQDN/u-FQDN or ASN1-DN (PKI certificates). For this example we are identifying the peer by IP address. Therefore the gateway address should be the remote peer’s public IP address. It is important also to specify the correct external interface. If either the peer address or external interface specified is incorrect then the IKE gateway will not be properly identified during phase 1 negotiations.

Command Syntax:

[edit security ike]
gateway <gateway-name>{
ike-policy ;
address <ip-address>;
external-interface <interface-name>;
dead-peer-detection {
interval <seconds>;
threshold <number>;

Network Diagram:

lab image


1. Create an IKE Phase 1 gateway and define its external interface.

2. Define the IKE Phase 1 policy reference.

3. Define IKE Phase1 gateway address

Please refer to the CertExams.com Juniper Network Simulator software for complete lab.

CertExams Blog!  Certexams.com Facebook Page Certexams.com Twitter Page Certexams on YouTube