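# IKE phase 1 (main mode) with certificate authentication towards peer vSRX_02.
# Each statement is listed once; re-entering an identical `set` line does not
# change the resulting configuration.

# --- Proposal: algorithms offered for the IKE SA ---
set security ike proposal CERT_PROP authentication-method rsa-signatures
# NOTE(review): group2 is the 1024-bit MODP group and sha1 is a legacy hash.
# The values are kept because they match the negotiated SA in the
# `show security ike sa` output for this gateway. Where both peers support it,
# prefer `dh-group group14` (or higher) and `authentication-algorithm sha-256`,
# and change both ends together or negotiation will fail.
set security ike proposal CERT_PROP dh-group group2
set security ike proposal CERT_PROP authentication-algorithm sha1
set security ike proposal CERT_PROP encryption-algorithm aes-128-cbc
# IKE SA lifetime: 86400 s = 24 h before rekey.
set security ike proposal CERT_PROP lifetime-seconds 86400

# --- Policy: ties the proposal to the local certificate ---
# Main mode is used rather than aggressive mode.
set security ike policy vSRX_02_CERT mode main
set security ike policy vSRX_02_CERT proposals CERT_PROP
# SRX210_key_01 is the certificate ID referenced here; it must already be
# loaded on this device. The CA profile that validates the peer's certificate
# is not part of this snippet - confirm one exists and that revocation
# checking is configured as intended.
set security ike policy vSRX_02_CERT certificate local-certificate SRX210_key_01
set security ike policy vSRX_02_CERT certificate peer-certificate-type x509-signature

# --- Gateway: the peer and how it is identified ---
set security ike gateway vSRX_02 ike-policy vSRX_02_CERT
set security ike gateway vSRX_02 address 10.0.0.102
set security ike gateway vSRX_02 external-interface reth2.0
# "your.email@domain.com" is a placeholder and is the same for both sides here.
# Replace it with each device's own identity; presumably each value has to
# match the e-mail subjectAltName in the corresponding certificate - confirm.
# A remote-identity that is specific to the peer is what stops any other
# certificate issued by the same CA from being accepted on this gateway.
set security ike gateway vSRX_02 local-identity user-at-hostname "your.email@domain.com"
set security ike gateway vSRX_02 remote-identity user-at-hostname "your.email@domain.com"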
root@SRX210_A# run show security ike sa 10.0.0.102 detail
node0:
--------------------------------------------------------------------------
IKE peer 10.0.0.102, Index 1917721, Gateway Name: vSRX_02
Role: Responder, State: UP
Initiator cookie: 1bb59a819ce8e2df, Responder cookie: 4daa2c9906f66705
Exchange type: Main, Authentication method: RSA-signatures
Local: 192.168.0.211:500, Remote: 10.0.0.102:500
Lifetime: Expires in 86381 seconds
Peer ike-id: your.email@domain.com
Xauth assigned IP: 0.0.0.0
Algorithms:
Authentication : hmac-sha1-96
Encryption : aes128-cbc
Pseudo random function: hmac-sha1
Diffie-Hellman group : DH-group-2
Traffic statistics:
Input bytes : 2516
Output bytes : 2296
Input packets: 5
Output packets: 4
Flags: IKE SA is created
IPSec security associations: 1 created, 0 deleted
Phase 2 negotiations in progress: 0
Negotiation type: Quick mode, Role: Responder, Message ID: 0
Local: 192.168.0.211:500, Remote: 10.0.0.102:500
Local identity: your.email@domain.com
Remote identity: your.email@domain.com
Flags: IKE SA is created
node0:
--------------------------------------------------------------------------
IKE peer 10.0.0.102, Index 1917721, Gateway Name: vSRX_02
Role: Responder, State: UP
Initiator cookie: 1bb59a819ce8e2df, Responder cookie: 4daa2c9906f66705
Exchange type: Main, Authentication method: RSA-signatures
Local: 192.168.0.211:500, Remote: 10.0.0.102:500
Lifetime: Expires in 86381 seconds
Peer ike-id: your.email@domain.com
Xauth assigned IP: 0.0.0.0
Algorithms:
Authentication : hmac-sha1-96
Encryption : aes128-cbc
Pseudo random function: hmac-sha1
Diffie-Hellman group : DH-group-2
Traffic statistics:
Input bytes : 2516
Output bytes : 2296
Input packets: 5
Output packets: 4
Flags: IKE SA is created
IPSec security associations: 1 created, 0 deleted
Phase 2 negotiations in progress: 0
Negotiation type: Quick mode, Role: Responder, Message ID: 0
Local: 192.168.0.211:500, Remote: 10.0.0.102:500
Local identity: your.email@domain.com
Remote identity: your.email@domain.com
Flags: IKE SA is created