Thanks Steve. Just to confirm your statement, I ran through the same exercise with an SRX without FIPS mode enabled, and the option for pre-shared-key is available.
When enabling FIPS mode, the commit check requires that the plain text password is removed.
I am now required to use certificates in FIPS mode and will look into this.
------------------------------
Paul Andreozzi
------------------------------
Original Message:
Sent: 11-03-2023 08:25
From: spuluka
Subject: ascii-text not available
The FIPS standard requires that some less secure methods and commands are disabled in the software so they cannot be used.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 11-03-2023 07:21
From: Paul Andreozzi
Subject: ascii-text not available
Hi All. I am trying to configure an IPsec tunnel on an SRX running version 22.2R1.9 in FIPS mode.
Pretty straightforward config but the option for "ascii-text" is not available.
[edit security ike policy XXXX]
FwA:fips# set pre-shared-key ?
No valid completions
Any thoughts?
Paul
------------------------------
Paul Andreozzi
------------------------------